eagle.ltd.escorthcomputed24
xyz
General
-
Target
Google_Translate.apk
-
Size
2.1MB
-
MD5
4be0b77b5d09bcb871b4000d0cb2a98d
-
SHA1
4163e7366796af17f4a16c2a33a6898bee43c004
-
SHA256
1513a5aac5596f5fca1505128ac78f77f2648ac392a6584d54dbd3760ae85f5d
-
SHA512
ae2d7a9979e115eb2affb4606eb992f528f239f0ea6b380b16d870713bb4076ca6a1022ed4f2f570c9a962b4dbddb79d97ef883f3c64ca4c8f68e384715dc9fa
-
SSDEEP
49152:T1TO8HlXi/Sx2ZLkjuHS+B7hcSx2ZLkjuHS+B7daP:hSulyK0ZLPZ0ZLPRu
Score
10/10
Malware Config
Extracted
Family
spynote
C2
159.100.9.47:8080
Signatures
-
Spynote family
-
Declares services with permission to bind to the system 1 IoCs
-
Requests dangerous framework permissions 16 IoCs
Files
-
Google_Translate.apk
eagle.ltd.premium
eagle.ltd.incurredvokhloungeg3
Android Permissions
Google_Translate.apk
Permissions
android.permission.FOREGROUND_SERVICE
android.permission.READ_SMS
android.permission.SEND_SMS
android.permission.READ_CALL_LOG
android.permission.READ_CONTACTS
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.GET_ACCOUNTS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.CAMERA
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECORD_AUDIO
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.CALL_PHONE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.SET_WALLPAPER
android.permission.USE_FULL_SCREEN_INTENT
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
android.permission.REQUEST_DELETE_PACKAGES
android.permission.PACKAGE_USAGE_STATS