General
-
Target
Cópia de Avast-Antivirus-br.apk
-
Size
6.4MB
-
Sample
240326-xbg3vacb8v
-
MD5
31634a843ee1f1a3aca9b76016417995
-
SHA1
baf0f409000ab3063928e988382f3b197c18f598
-
SHA256
4ae68d9dd21de0842f529016e1ea3d2da4a357c12706836f0ee164de87d3b598
-
SHA512
d45d9fd4a227c3e1324b708cad7eaf1a568cf539b751e3ebf8930838f5a97406aca5d10e25b56c70b6ff0165e2025abcd58f446a4c1f9acc70629c6a64e35940
-
SSDEEP
196608:kIynX51mBXoN0pQuLdSjChDIgSq1cM+Cr4u++d4:Dh9oN0qmCgSacBe++i
Malware Config
Extracted
spynote
192.248.176.196:9998
Targets
-
-
Target
Cópia de Avast-Antivirus-br.apk
-
Size
6.4MB
-
MD5
31634a843ee1f1a3aca9b76016417995
-
SHA1
baf0f409000ab3063928e988382f3b197c18f598
-
SHA256
4ae68d9dd21de0842f529016e1ea3d2da4a357c12706836f0ee164de87d3b598
-
SHA512
d45d9fd4a227c3e1324b708cad7eaf1a568cf539b751e3ebf8930838f5a97406aca5d10e25b56c70b6ff0165e2025abcd58f446a4c1f9acc70629c6a64e35940
-
SSDEEP
196608:kIynX51mBXoN0pQuLdSjChDIgSq1cM+Cr4u++d4:Dh9oN0qmCgSacBe++i
Score1/10 -
-
-
Target
childapp.apk
-
Size
3.7MB
-
MD5
7a49bb6c08b7c390a73cf49e139037fd
-
SHA1
c290545a14118537a1136ed1ca63daa37e19cafa
-
SHA256
641c2ec268b01a91c57d84ebe1a9c9fafb24a258406ea6bf6d542d1b4c5296c7
-
SHA512
95905b1e8d92c2f45e14e9b8d6871a74d6d0d010d60cdf641ddfa6f62f45a2089ab19c24824876a230ed53a223d160647ee959615455181721f41c9908121954
-
SSDEEP
98304:zZOevPO5GOCsmqyF77KmznzB+Ty0t8sL6z:zPvxNsmqAlz4xy
Score8/10-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Removes its main activity from the application launcher
-
Requests enabling of the accessibility settings.
-
Acquires the wake lock
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-