spynote | Injected [Bind] App[.]7z

General

Target

Injected [Bind] App.7z
Size

102.0MB
MD5

0c5902a62172840c6d0d6f59a7c72fce
SHA1

d9b320e2e9a1fbda7cebb9769142e67e6af48f70
SHA256

004a967ca1a3ff968b84ae932b31da62a7186a5dadb3e0662db799683cfe854a
SHA512

2046fcfd5d656d67472ae942eb8b72743834eade87c0bb9d15ab1794e966a59f3004b90fffc1fa4512dc6a0bef48e5cce8591d83e556233a7437cb13d37dd68d
SSDEEP

3145728:nlOHQlOZp0qWzewQk/iLWIDh04pfktWa9:lO/cp3/nIDmj

Score

10^/10

spynote

Malware Config

Extracted

Family

spynote

C2

147.185.221.17:42314

Extracted

Family

spynote

C2

147.185.221.17:42314

Signatures

Spynote family
spynote

Declares services with permission to bind to the system 1 IoCs

Processes:

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 17 IoCs

Processes:

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an application to collect component usage statistics.	android.permission.PACKAGE_USAGE_STATS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to send SMS messages.	android.permission.SEND_SMS

Files

Injected [Bind] App.7z
.7z
Injected [Bind] App/Termux_0.118.0_Apkpure.apk
.apk android arch:arm64 arch:arm arch:x86 arch:x64

com.termux

com.termux.app.TermuxActivity

Activities

ginom.alfa.lib.scan.eqwzpdygicolqlkejgbfhcbbs12

xyz

com.termux.app.TermuxActivity

android.intent.action.MAIN
android.intent.action.MAIN

com.termux.filepicker.TermuxFileReceiverActivity

android.intent.action.SEND
android.intent.action.VIEW

Permissions

android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WAKE_LOCK
android.permission.VIBRATE
android.permission.FOREGROUND_SERVICE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_LOGS
android.permission.DUMP
android.permission.WRITE_SECURE_SETTINGS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.PACKAGE_USAGE_STATS
android.permission.INTERNET
android.permission.READ_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RECORD_AUDIO
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_PHONE_STATE
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.CALL_PHONE
android.permission.SET_WALLPAPER
android.permission.PROCESS_OUTGOING_CALLS
android.permission.READ_SMS
android.permission.READ_CALL_LOG
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.CAMERA
android.permission.SEND_SMS
android.permission.ACCESS_DOWNLOAD_MANAGER
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.google.android.c2dm.permission.RECEIVE
android.permission.WRITE_MEDIA_STORAGE
android.permission.ACCESS_SUPERUSER

Receivers

ginom.alfa.lib.scan.SensorRestarterBroadcastReceiver

RestartSensor

ginom.alfa.lib.scan.ijjuwatbqcvvsbexianjqufhs11

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.USER_PRESENT
android.intent.action.LOCKED_BOOT_COMPLETED

ginom.alfa.lib.scan.RC

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_CHANGED

ginom.alfa.lib.scan.ijjuwatbqcvvsbexianjqufhs114

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.Intent.ACTION_USER_PRESENT

ginom.alfa.lib.scan._callr_lsnr_

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

Services

ginom.alfa.lib.scan.ijjuwatbqcvvsbexianjqufhs112

android.accessibilityservice.AccessibilityService

com.termux.app.RunCommandService

com.termux.RUN_COMMAND
Injected [Bind] App/ZArchiver_0.9.5.8.apk
.apk android arch:arm64

ru.zdevs.zarchiver

ru.zdevs.zarchiver.ZArchiver

Activities

ru.zdevs.zarchiver.ZArchiver

android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
ru.zdevs.zarchiver.action.EXTERNAL
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE

ru.zdevs.zarchiver.ZSelectFile

android.intent.action.GET_CONTENT
android.intent.action.OPEN_DOCUMENT

ru.zdevs.zarchiver.activity.ExtractDlg

android.intent.action.VIEW

Permissions

android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_MEDIA_STORAGE
android.permission.WAKE_LOCK
android.permission.ACCESS_SUPERUSER
android.permission.FOREGROUND_SERVICE
android.permission.REQUEST_INSTALL_PACKAGES
ru.zdevs.zarchiver.permission.PLUGIN.CLOUD
ru.zdevs.zarchiver.permission.PLUGIN.FTP
ru.zdevs.zarchiver.permission.PLUGIN.USB
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RECORD_AUDIO
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_PHONE_STATE
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.CALL_PHONE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.SET_WALLPAPER
android.permission.PROCESS_OUTGOING_CALLS
android.permission.READ_SMS
android.permission.READ_CALL_LOG
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.CAMERA
android.permission.SEND_SMS
android.permission.ACCESS_DOWNLOAD_MANAGER
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.google.android.c2dm.permission.RECEIVE

Receivers

com.andscan.betar.calcolator.AgreeingEngineering

android.intent.action.BOOT_COMPLETED

com.andscan.betar.calcolator.ReceversAnalys

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.Intent.ACTION_USER_PRESENT

com.andscan.betar.calcolator.MyReceiver

MyAction

Services

com.andscan.betar.calcolator.GPSCAN

android.accessibilityservice.AccessibilityService

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

com.termux

com.termux.app.TermuxActivity

Activities

ginom.alfa.lib.scan.eqwzpdygicolqlkejgbfhcbbs12

com.termux.app.TermuxActivity

com.termux.filepicker.TermuxFileReceiverActivity

Permissions

Receivers

ginom.alfa.lib.scan.SensorRestarterBroadcastReceiver

ginom.alfa.lib.scan.ijjuwatbqcvvsbexianjqufhs11

ginom.alfa.lib.scan.RC

ginom.alfa.lib.scan.ijjuwatbqcvvsbexianjqufhs114

ginom.alfa.lib.scan._callr_lsnr_

Services

ginom.alfa.lib.scan.ijjuwatbqcvvsbexianjqufhs112

com.termux.app.RunCommandService

ru.zdevs.zarchiver

ru.zdevs.zarchiver.ZArchiver

Activities

ru.zdevs.zarchiver.ZArchiver

ru.zdevs.zarchiver.ZSelectFile

ru.zdevs.zarchiver.activity.ExtractDlg

Permissions

Receivers

com.andscan.betar.calcolator.AgreeingEngineering

com.andscan.betar.calcolator.ReceversAnalys

com.andscan.betar.calcolator.MyReceiver

Services

com.andscan.betar.calcolator.GPSCAN