General
-
Target
ready.apk
-
Size
6.2MB
-
Sample
240328-m5zjwagg28
-
MD5
d2316e41b2734a84b1fb6ff9ec1f68eb
-
SHA1
45ed65afdeed4784f2c18fc7c6d286cad64c7c47
-
SHA256
25dde97099c25b3d6cecc60bdcc5b9354db721effcf60206ff767d8982173fc6
-
SHA512
c9d813072354d695299346a4f1e6dc2b542e2f4ad31b35ea4f37b477a11e46d908884f75f3b92e4aacb287dcf2fc8642295cfd5044afdf9148ff69bb52905098
-
SSDEEP
12288:/9KPUwAGI6GQNXpf2GiY5oyMSt+mW7WhDxQdTWdx21XQrzpMUIh6yXlHNhsodYeC:TtGRGm2OGEWah17xGXzphLH5dYRePcfx
Malware Config
Extracted
spynote
promptylol-31420.portmap.io:5950
Targets
-
-
Target
ready.apk
-
Size
6.2MB
-
MD5
d2316e41b2734a84b1fb6ff9ec1f68eb
-
SHA1
45ed65afdeed4784f2c18fc7c6d286cad64c7c47
-
SHA256
25dde97099c25b3d6cecc60bdcc5b9354db721effcf60206ff767d8982173fc6
-
SHA512
c9d813072354d695299346a4f1e6dc2b542e2f4ad31b35ea4f37b477a11e46d908884f75f3b92e4aacb287dcf2fc8642295cfd5044afdf9148ff69bb52905098
-
SSDEEP
12288:/9KPUwAGI6GQNXpf2GiY5oyMSt+mW7WhDxQdTWdx21XQrzpMUIh6yXlHNhsodYeC:TtGRGm2OGEWah17xGXzphLH5dYRePcfx
Score8/10-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-
Acquires the wake lock
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-