General

  • Target

    Youtube Lite.apk

  • Size

    3.7MB

  • Sample

    230914-axdwzsag92

  • MD5

    7b0e166ae3d390f762aea2f31310ac76

  • SHA1

    6a39124e760418638909698454f551b247b66d8f

  • SHA256

    8280b416c7f11e6fa4ef6a3e04059b8e10d5617cd80460d4d588da48ed55cc75

  • SHA512

    eb293400c9bdc4ca33c056576479eaa226699b527ca0fe9e478bc3cd333de7e1d8ecbc7cf2471b7389a154f5d8a99cdfbb8e37921ff4822e6b4ff02256a84540

  • SSDEEP

    98304:d7NkIeBwoTcPezkhpzcuzBQLnymzfzBWTy0ts85Rq:d7BoYPezQtLBQj9zsxPq

Malware Config

Extracted

Family

spynote

C2

fee-harmful.gl.at.ply.gg:41934
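The hashes in the General section and the extracted C2 are the indicators a responder will actually pivot on. The script below is an added example, not part of the sandbox report: it hashes a file in chunks and compares the digests with the report's MD5/SHA1/SHA256/SHA512 values, splits the C2 indicator into host and port, and runs it over a few constructed connection-log lines. The `src -> host:port` log shape and the treatment of the `.ply.gg` suffix (assumed here to be the playit.gg tunnelling service, so a sibling label on the same suffix is flagged as a tunnel rather than ignored) are assumptions of the example.

```python
"""IOC check for the SpyNote sample described in the report above.

Added example, not code from the sandbox or the sample. Hashes a file, compares
it with the report's digests, and matches the extracted C2 against constructed
connection-log lines. All sample data below is constructed.
"""
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_IOCS = {
    "md5": "7b0e166ae3d390f762aea2f31310ac76",
    "sha1": "6a39124e760418638909698454f551b247b66d8f",
    "sha256": "8280b416c7f11e6fa4ef6a3e04059b8e10d5617cd80460d4d588da48ed55cc75",
    "sha512": "eb293400c9bdc4ca33c056576479eaa226699b527ca0fe9e478bc3cd333de7e1d8ecbc7cf2471b7389a154f5d8a99cdfbb8e37921ff4822e6b4ff02256a84540",
}
C2_INDICATOR = "fee-harmful.gl.at.ply.gg:41934"
# Assumption: *.ply.gg is the playit.gg tunnelling service, used to expose a
# home-hosted panel; a different label on the same suffix is still worth a look.
TUNNEL_SUFFIX = ".ply.gg"


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex digests for the four algorithms the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Hash a file in 1 MiB chunks so a multi-MB APK is not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = SAMPLE_IOCS) -> list:
    """Algorithms whose digest equals the report's value (empty list = no match)."""
    return [alg for alg, value in iocs.items() if digests.get(alg, "").lower() == value]


def parse_c2(indicator: str) -> tuple:
    """Split 'host:port' into (host, port); bracketed IPv6 literals are out of scope."""
    host, _, port = indicator.rpartition(":")
    return host.lower(), int(port)


def classify_connection(host: str, port: int, indicator: str = C2_INDICATOR) -> str:
    """'c2' on an exact host:port hit, 'tunnel' on the C2 host or its suffix, else 'clean'."""
    c2_host, c2_port = parse_c2(indicator)
    host = host.lower().rstrip(".")
    if host == c2_host and port == c2_port:
        return "c2"
    if host == c2_host or host.endswith(TUNNEL_SUFFIX):
        return "tunnel"
    return "clean"


# Constructed connection-log lines in an assumed 'timestamp src -> host:port' shape.
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<host>[^:\s]+):(?P<port>\d+)")
CONSTRUCTED_LOG = """\
2023-09-14T10:01:02Z 10.0.0.12 -> fee-harmful.gl.at.ply.gg:41934
2023-09-14T10:01:05Z 10.0.0.12 -> fee-harmful.gl.at.ply.gg:443
2023-09-14T10:01:09Z 10.0.0.12 -> other-label.gl.at.ply.gg:25565
2023-09-14T10:01:11Z 10.0.0.12 -> www.youtube.com:443
"""


def scan_log(text: str) -> list:
    """(timestamp, host, port, verdict) for every line that is not 'clean'."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify_connection(m["host"], int(m["port"]))
        if verdict != "clean":
            hits.append((m["ts"], m["host"], int(m["port"]), verdict))
    return hits


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, match_iocs(hash_file(path)) or "no hash match")
    for hit in scan_log(CONSTRUCTED_LOG):
        print(*hit)
```

A hash match is a confirmation only for this exact build; SpyNote is rebuilt per campaign, so the C2 host and the tunnel suffix are the indicators that survive a repack, which is why the classifier reports the weaker `tunnel` verdict separately from an exact `c2` hit.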

Targets

    • Target

      Youtube Lite.apk

    • Size

      3.7MB

    • MD5

      7b0e166ae3d390f762aea2f31310ac76

    • SHA1

      6a39124e760418638909698454f551b247b66d8f

    • SHA256

      8280b416c7f11e6fa4ef6a3e04059b8e10d5617cd80460d4d588da48ed55cc75

    • SHA512

      eb293400c9bdc4ca33c056576479eaa226699b527ca0fe9e478bc3cd333de7e1d8ecbc7cf2471b7389a154f5d8a99cdfbb8e37921ff4822e6b4ff02256a84540

    • SSDEEP

      98304:d7NkIeBwoTcPezkhpzcuzBQLnymzfzBWTy0ts85Rq:d7BoYPezQtLBQj9zsxPq

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Removes its main activity from the application launcher.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Loads and runs a DEX/JAR file that was dropped to the device during analysis.

    • Removes a system notification.
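The signatures above come from dynamic analysis; most of them can be corroborated statically before detonating a sample. The script below is an added example, not code from the sandbox or from the sample: it checks a decoded AndroidManifest.xml (as produced by apktool or androguard) for the accessibility-service binding, QUERY_ALL_PACKAGES, WAKE_LOCK and the launcher activity, and scans raw classes.dex bytes for the API strings a direct implementation of the remaining behaviours leaves in the DEX string table. The manifest, package name and DEX bytes are constructed to mimic the report's behaviours; the marker strings are a heuristic, since code loaded from a dropped DEX or called via reflection does not show up here, which is exactly what the "Loads dropped Dex/Jar" signature indicates.

```python
"""Static triage of a decoded APK against the behaviours in the report above.

Added example, not code from the sandbox or the sample. Inputs: the manifest
already decoded to plain XML and the raw classes.dex bytes. Both are constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
A_NAME = ANDROID_NS + "name"
A_PERM = ANDROID_NS + "permission"
A_ENABLED = ANDROID_NS + "enabled"

# Report signature -> strings a direct implementation leaves in the DEX string
# table (heuristic: reflection or a dropped DEX hides them).
DEX_MARKERS = {
    "loads_dropped_dex": [b"Ldalvik/system/DexClassLoader;", b"Ldalvik/system/InMemoryDexClassLoader;"],
    "hides_launcher_icon": [b"setComponentEnabledSetting"],
    "enumerates_apps": [b"getInstalledApplications", b"getInstalledPackages"],
    "removes_notification": [b"Landroid/app/NotificationManager;"],  # weak on its own
}

# Constructed manifest (package name and class names are invented).
CONSTRUCTED_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.lite">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application android:label="Youtube Lite">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".A11y" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed stand-in for classes.dex: real files carry ULEB128 length-prefixed
# MUTF-8 strings, but a substring search works the same way on either.
CONSTRUCTED_DEX = (b"dex\n035\x00" + b"\x00" * 16
                   + b"Ldalvik/system/DexClassLoader;\x00"
                   + b"setComponentEnabledSetting\x00"
                   + b"getInstalledApplications\x00")


def triage_manifest(xml_text: str) -> dict:
    """Manifest-level evidence for the accessibility, app-query, wake-lock and launcher signatures."""
    root = ET.fromstring(xml_text)
    perms = {e.get(A_NAME) for e in root.iter("uses-permission")}
    findings = {
        "accessibility_service": any(
            s.get(A_PERM) == "android.permission.BIND_ACCESSIBILITY_SERVICE" for s in root.iter("service")
        ),
        # Pre-Android 11 targets can enumerate packages with no permission, so False does not clear this.
        "query_all_packages": "android.permission.QUERY_ALL_PACKAGES" in perms or root.find("queries") is not None,
        "wake_lock": "android.permission.WAKE_LOCK" in perms,
        "launcher_activities": [],
        "disabled_launcher_activities": [],
    }
    for act in list(root.iter("activity")) + list(root.iter("activity-alias")):
        for flt in act.iter("intent-filter"):
            actions = {a.get(A_NAME) for a in flt.iter("action")}
            cats = {c.get(A_NAME) for c in flt.iter("category")}
            if "android.intent.action.MAIN" in actions and "android.intent.category.LAUNCHER" in cats:
                findings["launcher_activities"].append(act.get(A_NAME))
                # Icon hiding is usually done at runtime (setComponentEnabledSetting),
                # so the launcher entry normally still looks normal here.
                if act.get(A_ENABLED) == "false":
                    findings["disabled_launcher_activities"].append(act.get(A_NAME))
    return findings


def scan_dex_strings(dex: bytes) -> dict:
    """Signature -> list of marker strings present in the DEX bytes."""
    return {sig: [m.decode() for m in markers if m in dex] for sig, markers in DEX_MARKERS.items()}


def triage(xml_text: str, dex: bytes) -> dict:
    """Manifest findings plus only those DEX signatures that actually matched."""
    report = triage_manifest(xml_text)
    report["dex"] = {sig: hits for sig, hits in scan_dex_strings(dex).items() if hits}
    return report


if __name__ == "__main__":
    for key, value in triage(CONSTRUCTED_MANIFEST, CONSTRUCTED_DEX).items():
        print(f"{key}: {value}")
```

Treat the DEX markers as a prompt for where to look, not as a verdict: a sample that passes the manifest checks but shows only `DexClassLoader` and none of the other markers is the classic shape of a loader whose real payload is the dropped DEX, and that payload is what the sandbox signatures were observing.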
