Analysis
max time kernel: 366s
max time network: 382s
platform: android_x64
resource: android-x64-20240221-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
submitted: 25-03-2024 18:10
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.mediafire.com/file/d30u711rj7w1kpm/ready.apk/file
Resource: android-x64-20240221-en
General
Target: https://www.mediafire.com/file/d30u711rj7w1kpm/ready.apk/file
Malware Config
Extracted: spynote
83.30.40.183:6666
Signatures
Spynote
Spynote is a Remote Access Trojan first seen in 2017.

Reads the content of photos stored on the user's device. (1 TTP, 4 IoCs)
Processes: com.android.chrome (4 instances)
description | ioc | process
URI accessed for read | content://media/external/images/media | com.android.chrome
URI accessed for read | content://media/external/images/media | com.android.chrome
URI accessed for read | content://media/external/images/media | com.android.chrome
URI accessed for read | content://media/external/images/media | com.android.chrome

Declares broadcast receivers with permission to handle system events (1 IoC)
description | ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system (3 IoCs)
description | ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE
Required by VPN services to bind with the system. Allows apps to provision VPN services. | android.permission.BIND_VPN_SERVICE
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards). | android.permission.BIND_INPUT_METHOD

Requests dangerous framework permissions (15 IoCs)
description | ioc
Allows an application to send SMS messages. | android.permission.SEND_SMS
Allows an application to read SMS messages. | android.permission.READ_SMS
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS
Required to be able to access the camera device. | android.permission.CAMERA
Allows an application to record audio. | android.permission.RECORD_AUDIO
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES
Processes
com.android.chrome (PID 5017)
  Reads the content of photos stored on the user's device.

com.android.chrome (PID 5361)
  Reads the content of photos stored on the user's device.

com.android.chrome (PID 5638)
  Reads the content of photos stored on the user's device.

com.android.chrome (PID 6032)
  Reads the content of photos stored on the user's device.
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 325KB
MD5: 6d9c5883a6c159f108455b19037c359e
SHA1: 81a9340f7302921b26bce4e08e53cd0c1bdbd11c
SHA256: bc58995e340b450774576d19f7b5764c8a5296b306c99e513302e8e318cd2784
SHA512: 305aa7daae5ee3dbdb0149e26f5e0dc2c317a2aaf8b28406f375d1a13b4733aa5d4d301561112ab59eae13157337d32816081c9237560662b46947d2388e2502

Filesize: 327KB
MD5: 2dd6b09fd0bb963824f60cd1829e72ab
SHA1: 63d6d1e72589c1c81e3f812662a7ef4525a30f3a
SHA256: 29a4f193936b58ded597b2cc914a5a2aa41598eb679267e068134593fe6b0af6
SHA512: a15ddfec3e7d1e03285dc16f700ef94db45e5cd3ac34221cdb9fb2c29cabd8936c64420f22c8c18081c7d51fd054193a8827dbe7441b99a8a177d62b12c6c972

Filesize: 320KB
MD5: 1f87977b94c51f7b8ab6a954ea1f7620
SHA1: 83902a250bdc4856dc4fe7d2b4a29d0f85977484
SHA256: 9b95854d18f7cf0b9bceb3b63d39df88bd322499de4a222d5f0ef218c6e62e79
SHA512: 61694cf63c1b316c56d93425134cffed78e1af857b07d46b2d6179f5d019e240a1b4cf6a725cba0af688411a6ec684d6c2bcbd111663cfb44a173381cc3091f4

Filesize: 1.9MB
MD5: 668bf1092550455df61108228ebc2d50
SHA1: eaae1fe1f8b3f71fabf632929add4461dcec505a
SHA256: accb0cdb8ea7370e5ab75f2277cd5d302f1ddce36850c1018e124a8d4196d97d
SHA512: 34f183762725260aba52f0ab3456727d4bacbc5b19e057df12351e00eafd009025d4a672ef75857ed841c601b7123a089005c2f6f1b625a455c17afaa72184d6

Filesize: 4.6MB
MD5: dcee97a590fedde0ce60944d7fd62477
SHA1: 82664a4d6870087385ef598bf1fa2f58f4d74269
SHA256: ca564818231e1175d73519b6af9b2413864c81fe756767f5871cf166e3104f44
SHA512: db00b42688cfb09f15d4fc4df2a5298224b5ae02a3c22321274fbab0d22ad5deb294c56a7cce7983d668951b267bc267fffcd0b0c8e05a0899f92964ba3b7528