General

  • Target

    a13a7fd881495023b53196c43c1ffb95b086076ec74b243a5ecaed27935af84f.bin

  • Size

    760KB

  • Sample

    240411-1w2jrshg2t

  • MD5

    be696408e34c8e7d2d700faa5bded54f

  • SHA1

    83fad51996b602dc0bfac42e7ff1306dbe9f4b15

  • SHA256

    a13a7fd881495023b53196c43c1ffb95b086076ec74b243a5ecaed27935af84f

  • SHA512

    ac18ce1f28e217fbbbea5677c5536df7b963ea8a20c69dc99b32f357c19ceaaee56258f254943d056dc7ec78af8c047b5e55c08acf3253217edc375d9bb9d56a

  • SSDEEP

    12288:crAzTWJ6sgRALzJxtqfl4W5WmpYshXZPbGwidNpg90:crZJ6sjLzJ6fl4W5WmD9idNpp

Malware Config

Extracted

Family

spynote

C2

192.168.1.224:9999

Targets

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.
