General
-
Target
client.apk
-
Size
80.2MB
-
Sample
240323-nf95raac2w
-
MD5
f85233d95dbececd20ca40f00a7e5cdd
-
SHA1
d3f0ffa097665e258f102ff70063c87b3ca964b7
-
SHA256
e98a8f8ba020b53e2999b4784d53e462edece22ea32f7413a94b825669f31ec1
-
SHA512
4938bc2d53232385a602ba0403f4ef821d90b46dd9e09f022188f871b9b54a4069bae62eb0c083134d3e5343cccd6485cfc854db363245e5b2f1f6d3b8870279
-
SSDEEP
1572864:+CsR7MfORqjlUL+XV/+BBC3EXnhvSkKZDMq8PUAAcl6puM2Mh7ga5N7I5YM:fDORqjly+XVGeknhUZDMqMAQah7ga5Yz
Behavioral task
behavioral1
Sample
client.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
client.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
client.apk
Resource
android-x64-arm64-20240221-en
Malware Config
Extracted
spynote
0.tcp.eu.ngrok.io:17599
Targets
-
-
Target
client.apk
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Tries to add a device administrator.
-
Legitimate hosting services abused for malware hosting/C2
-