General

  • Target

    ready.apk

  • Size

    57.5MB

  • Sample

    240331-qz3acsdc54

  • MD5

    b85c789a80b3f6bd5910c4aed1c01716

  • SHA1

    563e68b24deb3f8bb6dff3c46cc861a48ea2bc73

  • SHA256

    7e575c15d833e5a86c3a8f15a184ab75ded1cbfd62fc564758d5a2afe5f2b9a3

  • SHA512

    897fc624d30d212b23ee61c8a47bbac741e466d7efe56116c8a9d4cd99dcbab40ff0f17254517710fdf2055a0a767dc6b12e4c962d1e3f1370c2a7bb174301e9

  • SSDEEP

    1572864:ebmKR/R2InCUVZbWEB7e0Uyxr8a3MAPfSbJ77m6x5:eXR2jU36DRyJOLbp7m6j

Malware Config

Extracted

Family

spynote

C2

cofira2508-23793.portmap.host:23793

Targets

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Acquires the wake lock

    • Declares services with permission to bind to the system

    • Requests dangerous framework permissions
