General

  • Target

    5e25ac6030a6b50cf87a0d6e65f630d621d6a592359fb6d7ee208e36f4278788.bin

  • Size

    760KB

  • Sample

    240411-1wwcraed45

  • MD5

    5e35c849ae452c6c58209c2e52722bc6

  • SHA1

    7cc03c39ef1fc67f198acf30b727dd3767f334cc

  • SHA256

    5e25ac6030a6b50cf87a0d6e65f630d621d6a592359fb6d7ee208e36f4278788

  • SHA512

    28a9735f5e5015a678ac0622960177c9557e91a294737e6d8a2da748a4b3aa1c72390f51b4949bd2ff368c114141e2df04e05396ee7e2cfdcd288cf524a4703e

  • SSDEEP

    12288:ubyybha1a8LdeJN5w33ES5WmpYshXZPbGwidNpgot2:ubpa1a6eJ033ES5WmD9idNpb2

Malware Config

Extracted

Family

spynote

C2

0.tcp.ngrok.io:4444

Targets

    • Target

      5e25ac6030a6b50cf87a0d6e65f630d621d6a592359fb6d7ee208e36f4278788.bin

    • Size

      760KB

    • MD5

      5e35c849ae452c6c58209c2e52722bc6

    • SHA1

      7cc03c39ef1fc67f198acf30b727dd3767f334cc

    • SHA256

      5e25ac6030a6b50cf87a0d6e65f630d621d6a592359fb6d7ee208e36f4278788

    • SHA512

      28a9735f5e5015a678ac0622960177c9557e91a294737e6d8a2da748a4b3aa1c72390f51b4949bd2ff368c114141e2df04e05396ee7e2cfdcd288cf524a4703e

    • SSDEEP

      12288:ubyybha1a8LdeJN5w33ES5WmpYshXZPbGwidNpgot2:ubpa1a6eJ033ES5WmD9idNpb2

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Matrix

Tasks