spynote | a105aaf08fca29d9c9e9ea959330a8d505775138e6d1957efb7e70ed8173ec8f | Triage

Sharing

General

Target

13358806290.zip
Size

2.8MB
Sample

231206-j8p8tsch98
MD5

d75a166ff1792db96edb689583f36af1
SHA1

67944f733847c9b5c3e896954d882908deb2b5bd
SHA256

a105aaf08fca29d9c9e9ea959330a8d505775138e6d1957efb7e70ed8173ec8f
SHA512

569a80e5592ef150259fff834b9bbb0a73ed0e1c96feb83cd0699aebff179d6f07fd6ebcd6c13dc9bb99baa04792bf5b4aff839b589aa93f37186973b00814e1
SSDEEP

49152:tyYZe2XRI3/WHktFTBKG1eLt8cDX61wqkKoXZLJsOENpvwnlXE1YVMe6:tBI2yWHkt+weW2XaboXPsO+6nly5e6

Score

10^/10

spynote android evasion

Malware Config

Extracted

Family

spynote

C2

206.188.196.58:8585

Targets

- Target
  
  c1f2d43ac38e3bcf221a016c8a26de9881e5c1244441a8e9e891e2fa16df68de
- Size
  
  3.7MB
- MD5
  
  ea6d041d4ce8f712c04826c1fb1de8d7
- SHA1
  
  447f3a6265bf2e16476e50fe84c35a70de9490cb
- SHA256
  
  c1f2d43ac38e3bcf221a016c8a26de9881e5c1244441a8e9e891e2fa16df68de
- SHA512
  
  c85d426f3265a4af506225e76db1c9b0efff778ab95fafea1ba003ddaefa29d231d195539fdd79a15cc0b0e21cb1cb60f99981f40c1e6a3b37b3c6230f4cb48c
- SSDEEP
  
  49152:lHySLPmNObjqKiAu2nvMEaAmmPtLd/WvSmzczdGG5QTOy1UJYqX0cgIIfZik3l8:FbiNOq2nvvaVOZ/qSmzczB2Tm0tIIpl8
Score

8^/10

evasion
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3