General
-
Target
8144eeaea116db215dd811df846cc85faa5e0de0c3962f3b00d1455da3ee998e
-
Size
751KB
-
Sample
231220-d4c5taacgr
-
MD5
6bcd6ac6b151e1ec4edf847724a6cca7
-
SHA1
f2dc5d5be9a90e52b329827041caae42f5c15ed3
-
SHA256
8144eeaea116db215dd811df846cc85faa5e0de0c3962f3b00d1455da3ee998e
-
SHA512
67fc1f89da337c7f708adbf9f9ff43e005ef1548b37b337ae8a3fee9f371e57d16120b82b296122a4457c7536585273b0bd40580f5be7c87e0786151879b0f0d
-
SSDEEP
12288:KOkrJ6sgRQLz3Biw127J+mJ5WmpYshXZPbGwidNpgB:z0J6sjLz3B/18J+mJ5WmD9idNpe
Behavioral task
behavioral1
Sample
8144eeaea116db215dd811df846cc85faa5e0de0c3962f3b00d1455da3ee998e.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
8144eeaea116db215dd811df846cc85faa5e0de0c3962f3b00d1455da3ee998e.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
8144eeaea116db215dd811df846cc85faa5e0de0c3962f3b00d1455da3ee998e.apk
Resource
android-x64-arm64-20231215-en
Malware Config
Extracted
spynote
8.tcp.ngrok.io:12876
Targets
-
-
Target
8144eeaea116db215dd811df846cc85faa5e0de0c3962f3b00d1455da3ee998e
-
Size
751KB
-
MD5
6bcd6ac6b151e1ec4edf847724a6cca7
-
SHA1
f2dc5d5be9a90e52b329827041caae42f5c15ed3
-
SHA256
8144eeaea116db215dd811df846cc85faa5e0de0c3962f3b00d1455da3ee998e
-
SHA512
67fc1f89da337c7f708adbf9f9ff43e005ef1548b37b337ae8a3fee9f371e57d16120b82b296122a4457c7536585273b0bd40580f5be7c87e0786151879b0f0d
-
SSDEEP
12288:KOkrJ6sgRQLz3Biw127J+mJ5WmpYshXZPbGwidNpgB:z0J6sjLz3B/18J+mJ5WmD9idNpe
Score8/10-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Requests enabling of the accessibility settings.
-
Tries to add a device administrator.
-
Legitimate hosting services abused for malware hosting/C2
-