Overview

overview

10

Static

static

10

FAPlusv140_Jected.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FAPlusv140_Jected.apk

  • Size

    6.8MB

  • Sample

    231004-v5la9adc9z

  • MD5

    2a99530175ecbc707a6efa0d3e328263

  • SHA1

    49248a5f3d0d26a341c41624eb2e9b39e81c9303

  • SHA256

    52992e24e143dab006679a2e2bf13bf6d5e1b7df878a800b83bdd8400402bf32

  • SHA512

    2d0ebc662928003f8214f8b3eadb993f15d91694d172d84f17d9295e6e58a8f9c3749c281d2b7f108fed6041644381acf7b7a2bf71e470f04c6f37bc15f0289e

  • SSDEEP

    98304:ue571A6vrtEwycx7O+HPfZroo8OOCTwNjl55uaGxo4SFvo6znnfFXIu19S+mpKQ0:ue5RAst9NxTZ47n1o6zdYu197PC3Xs

Score
10/10
spynoteandroidevasionransomware

Malware Config

Extracted

Family

spynote

C2

fee-harmful.gl.at.ply.gg:41934

Targets

    • Target

      FAPlusv140_Jected.apk

    • Size

      6.8MB

    • MD5

      2a99530175ecbc707a6efa0d3e328263

    • SHA1

      49248a5f3d0d26a341c41624eb2e9b39e81c9303

    • SHA256

      52992e24e143dab006679a2e2bf13bf6d5e1b7df878a800b83bdd8400402bf32

    • SHA512

      2d0ebc662928003f8214f8b3eadb993f15d91694d172d84f17d9295e6e58a8f9c3749c281d2b7f108fed6041644381acf7b7a2bf71e470f04c6f37bc15f0289e

    • SSDEEP

      98304:ue571A6vrtEwycx7O+HPfZroo8OOCTwNjl55uaGxo4SFvo6znnfFXIu19S+mpKQ0:ue5RAst9NxTZ47n1o6zdYu197PC3Xs

    Score
    8/10
    evasionransomware

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Legitimate hosting services abused for malware hosting/C2

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Tasks