General

  • Target

    ready.apk

  • Size

    680KB

  • Sample

    230922-wcv6eshd8x

  • MD5

    4079184334f96fa19bb904ab0b334707

  • SHA1

    90781e6f3ff458db9e8f4ef3883f73251adba0d1

  • SHA256

    8ccacda64d010d562dc9f121d4cfb7a6351cc7bf9f052949a888bac3d7a20140

  • SHA512

    090eeeca220a763d989247e07da70b451e2ddefafd2e1d9e1558a391e425528d979161da5856be7416c24725cb0743cef2da204288913084ee7a7b71203553f3

  • SSDEEP

    12288:Rwlbo9GgLRBWItYYyow7HCgI4Zf3n0dF5whzRs911hAsPlno6Rq21/g3Q750YZ:RwlfglBWItYYjwjCgI4p0dFV9DWGlnoY

Malware Config

Extracted

Family

spynote

C2

soon-lp.at.ply.gg:17209

Targets

    • Target

      ready.apk

    • Size

      680KB

    • MD5

      4079184334f96fa19bb904ab0b334707

    • SHA1

      90781e6f3ff458db9e8f4ef3883f73251adba0d1

    • SHA256

      8ccacda64d010d562dc9f121d4cfb7a6351cc7bf9f052949a888bac3d7a20140

    • SHA512

      090eeeca220a763d989247e07da70b451e2ddefafd2e1d9e1558a391e425528d979161da5856be7416c24725cb0743cef2da204288913084ee7a7b71203553f3

    • SSDEEP

      12288:Rwlbo9GgLRBWItYYyow7HCgI4Zf3n0dF5whzRs911hAsPlno6Rq21/g3Q750YZ:RwlfglBWItYYjwjCgI4p0dFV9DWGlnoY

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Removes its main activity from the application launcher

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries the unique device ID (IMEI, MEID, IMSI).

    • Reads information about phone network operator.

    • Removes a system notification.

MITRE ATT&CK Matrix

Tasks