General
-
Target
SNS_24.apk
-
Size
7.2MB
-
Sample
240322-wkhkasgh91
-
MD5
da6f538294ce7f79e17acd65a8a2a0de
-
SHA1
2ae33b52c49a819e3fa4875a6e2178d232d344fb
-
SHA256
a79ebbd3eb73942b0e4c430f50b0dca4a30d51abffa4671b8baba1d1d2786a4e
-
SHA512
6aa6cbdb1e8ab6204bef5a8ccfc85448d67d46dd1c7b3375f3c5b3c7010f4015db1e02b0c132d715319ec21344df24ca525a1086a637602cd640b6be39afe209
-
SSDEEP
98304:eKefDhiwzjxcMlmzWTx0tfzBs01ev7UOkjYKJyQPsZxIlW+T8XU8DRQAiE8bTSlP:nefc8yMIz2OrAU9YAsZxcy6AiEF
Malware Config
Extracted
spynote
81.161.229.3:7771
Targets
-
-
Target
SNS_24.apk
-
Size
7.2MB
-
MD5
da6f538294ce7f79e17acd65a8a2a0de
-
SHA1
2ae33b52c49a819e3fa4875a6e2178d232d344fb
-
SHA256
a79ebbd3eb73942b0e4c430f50b0dca4a30d51abffa4671b8baba1d1d2786a4e
-
SHA512
6aa6cbdb1e8ab6204bef5a8ccfc85448d67d46dd1c7b3375f3c5b3c7010f4015db1e02b0c132d715319ec21344df24ca525a1086a637602cd640b6be39afe209
-
SSDEEP
98304:eKefDhiwzjxcMlmzWTx0tfzBs01ev7UOkjYKJyQPsZxIlW+T8XU8DRQAiE8bTSlP:nefc8yMIz2OrAU9YAsZxcy6AiEF
Score10/10-
Spynote
Spynote is a Remote Access Trojan first seen in 2017.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-
Acquires the wake lock
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-