General
-
Target
d7326f85e838f6298f5c9e8626d889c1a15757319754dc57d8703dff3f45c546.bin
-
Size
992KB
-
Sample
231121-1wth6agg99
-
MD5
cbaf2da6a483775b934faabd5b40bed6
-
SHA1
0ba2eb6661e6d7f03e0a2ef08ea75296990ac6fc
-
SHA256
d7326f85e838f6298f5c9e8626d889c1a15757319754dc57d8703dff3f45c546
-
SHA512
917b65d79f323c045bb7a39cc47e432de18cf3b942698fb2056d4bbad0be8d3ba8f7ff3102b078722a87c71ba609d028c910fa66edb06582f23c8101d1a4a6e3
-
SSDEEP
24576:BhzkORPhgzQc8RkQ4dh2iynuPyt9XktndMCngUPvJCYPMqlRnV:rRJgp8RkhdQiynq6XktndMfasYPMUV
Malware Config
Extracted
spynote
192.168.0.105:8080
Targets
-
-
Target
d7326f85e838f6298f5c9e8626d889c1a15757319754dc57d8703dff3f45c546.bin
-
Size
992KB
-
MD5
cbaf2da6a483775b934faabd5b40bed6
-
SHA1
0ba2eb6661e6d7f03e0a2ef08ea75296990ac6fc
-
SHA256
d7326f85e838f6298f5c9e8626d889c1a15757319754dc57d8703dff3f45c546
-
SHA512
917b65d79f323c045bb7a39cc47e432de18cf3b942698fb2056d4bbad0be8d3ba8f7ff3102b078722a87c71ba609d028c910fa66edb06582f23c8101d1a4a6e3
-
SSDEEP
24576:BhzkORPhgzQc8RkQ4dh2iynuPyt9XktndMCngUPvJCYPMqlRnV:rRJgp8RkhdQiynq6XktndMfasYPMUV
Score10/10-
Spynote
Spynote is a Remote Access Trojan first seen in 2017.
-
Makes use of the framework's Accessibility service.
-
Removes its main activity from the application launcher
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Removes a system notification.
-