General

  • Target

    a589a0ac38ebd008520b6353b3af32ba.apk

  • Size

    5.4MB

  • Sample

    231016-h48c6scd8v

  • MD5

    a589a0ac38ebd008520b6353b3af32ba

  • SHA1

    7cc67298e3d8e3a3bf3ba8b19adea6382f2e8928

  • SHA256

    004c574b2c5a0ca63a2d1b8e50245245c33e914424bf8cd8830a3d648a4644bf

  • SHA512

    0c1b55d2bb40c76bda33ca6cd35e9771593cd8bccf6c044bd0d2de431178f35a5aa256e6c66781842976e8f1a7f2f73e6e59345c076ccde539713e2cf11ddc4b

  • SSDEEP

    98304:4frPajAM4CTaGBDXARrYmflD/wZ6DO8X6JRUxC69mmzvzBPTi0tAxVD6:4frPaF4CT3Pu26DO8KrgCYRzNhi0

Malware Config

Extracted

  • Family

    spynote

  • C2

    81.161.229.3:7771

Targets

    Score
    8/10
    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar.

      Runs an executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.
