spynote | f2acb6740791e15b8086de7c0bb6ee90f2e00bab5bed6dc82b81684b40b83deb

General

Target

ready-2.apk
Size

2.7MB
Sample

231201-m1enxahb92
MD5

6dde5d8fa11308ceef69e4fb2a2309ae
SHA1

da48756f5b41c954e9532e4a8c99091b65ac83fc
SHA256

f2acb6740791e15b8086de7c0bb6ee90f2e00bab5bed6dc82b81684b40b83deb
SHA512

371843d98087e938745b3ea9a50bd21b590c3737c98d55c17315e96bf16140a4bad487426b30154cf5b8a5539525517366b929fe9fd24f4574ed40f5849f9c60
SSDEEP

49152:ebF1MIp8lMlTRaJdSIjAfZOb29BKN9dALbQ7R4ChN/3IKadGGD4aIzkq8Deix9n:ebF7p86lNauU6ZOb290GLbdChVGD4aIM

Score

10^/10

Malware Config

Extracted

Family

spynote

C2

jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:jamshid5614-20590.portmap.host:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590:20590

Targets

- Target
  
  ready-2.apk
- Size
  
  2.7MB
- MD5
  
  6dde5d8fa11308ceef69e4fb2a2309ae
- SHA1
  
  da48756f5b41c954e9532e4a8c99091b65ac83fc
- SHA256
  
  f2acb6740791e15b8086de7c0bb6ee90f2e00bab5bed6dc82b81684b40b83deb
- SHA512
  
  371843d98087e938745b3ea9a50bd21b590c3737c98d55c17315e96bf16140a4bad487426b30154cf5b8a5539525517366b929fe9fd24f4574ed40f5849f9c60
- SSDEEP
  
  49152:ebF1MIp8lMlTRaJdSIjAfZOb29BKN9dALbQ7R4ChN/3IKadGGD4aIzkq8Deix9n:ebF7p86lNauU6ZOb290GLbdChVGD4aIM
Score

8^/10

discovery evasion
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

1

T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Makes use of the framework's Accessibility service.

Acquires the wake lock.

Creates a large amount of network flows

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3