General
Target: NEAS.55710744002873ae31cf9d9b2480b765acb5a2ced1518c491f6ee55b6842a425_JC.zip
Size: 2.0MB
Sample: 231006-zd8ppaaa45
MD5: c88a7aea7a624e26209ca49b84bb19c4
SHA1: e11bf9286e0fb73370edaff2ca89518f18cb65cf
SHA256: 55710744002873ae31cf9d9b2480b765acb5a2ced1518c491f6ee55b6842a425
SHA512: 245a2e6055a226f460c0276e55a59a23ace11ab63fa00e611366721a6277eea9ac5e6b44079b0c221874fc042bcfd252125df302fa39780e8e2e430adaa585d7
SSDEEP: 12288:WolF2l+3jED0va6H1RFQEyuz4Zy7Ir9ZZpRlKLA+gAlj6Z:Woa96pQE6Z8+9ZZXslj6Z
Behavioral task
behavioral1
Sample
NEAS.55710744002873ae31cf9d9b2480b765acb5a2ced1518c491f6ee55b6842a425_JC.apk
Resource
android-x86-arm-20230831-en
Behavioral task
behavioral2
Sample
NEAS.55710744002873ae31cf9d9b2480b765acb5a2ced1518c491f6ee55b6842a425_JC.apk
Resource
android-x64-20230831-en
Malware Config
Extracted
spynote
0.tcp.sa.ngrok.io:18761
Targets
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Legitimate hosting services abused for malware hosting/C2
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.