General
Target: ready.apk
Size: 3.7MB
Sample: 240104-xxhw9shcdl
MD5: 18dd86eccb7ee4796bf12eb6359a6389
SHA1: e4e6d32c59964280d83dddffcb59bc424d0fbdfa
SHA256: f42da00a548bc5bfae8514664424b595ef99e417bb3827e0a8ea417d5234928a
SHA512: 0f3af65daa9b1ef51937bf4694f940da7674f4fbfbe4af30dc6962f1bfae0328d8a4ce329facf31b935fe3c7faa404f23860c7ca9ae69bfd5d47f53ceffe1370
SSDEEP: 98304:CU4JB3khGshHzCwxGxHE4/LdsumzLzB9TG0tQqcR:oBkXGwxGxHE4/JspzzN6
Malware Config
Extracted
spynote
167.71.56.116:22799
Targets
Target: ready.apk
- Makes use of the framework's Accessibility service: Retrieves information displayed on the phone screen using AccessibilityService.
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
- Loads dropped Dex/Jar: Runs executable file dropped to the device during analysis.
- Acquires the wake lock.
- Queries the unique device ID (IMEI, MEID, IMSI).
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).