General
-
Target
7466b3b44b7a0f999f6c45b07035390c8626b0b377d510f4ff570d9d8d7c3aca.bin
-
Size
760KB
-
Sample
240324-1xs9saca9z
-
MD5
203f6cda81e63bce4e28d3dc98f9125f
-
SHA1
b9d1b926d9edf60d2f14b85632c93b4fdc15d198
-
SHA256
7466b3b44b7a0f999f6c45b07035390c8626b0b377d510f4ff570d9d8d7c3aca
-
SHA512
42d4714673c4338aabc3ab8eb01302bf6ab56538dd8c1010563ca1d99c806c8b93a59fe39d307224b6d1453eb8aceb022d991e7df79f1f0dd44f0b6c40e46810
-
SSDEEP
12288:FSDPaa1a8LVe2HgJc71l5WmpYshXZPbGwidNpgms:FSma1aKe2Ic71l5WmD9idNpFs
Malware Config
Extracted
spynote
harbimilaaa.duckdns.org:1337
Targets
-
-
Target
7466b3b44b7a0f999f6c45b07035390c8626b0b377d510f4ff570d9d8d7c3aca.bin
-
Size
760KB
-
MD5
203f6cda81e63bce4e28d3dc98f9125f
-
SHA1
b9d1b926d9edf60d2f14b85632c93b4fdc15d198
-
SHA256
7466b3b44b7a0f999f6c45b07035390c8626b0b377d510f4ff570d9d8d7c3aca
-
SHA512
42d4714673c4338aabc3ab8eb01302bf6ab56538dd8c1010563ca1d99c806c8b93a59fe39d307224b6d1453eb8aceb022d991e7df79f1f0dd44f0b6c40e46810
-
SSDEEP
12288:FSDPaa1a8LVe2HgJc71l5WmpYshXZPbGwidNpgms:FSma1aKe2Ic71l5WmD9idNpFs
Score8/10-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-
Tries to add a device administrator.
-