General
-
Target
46c4692cc21ab9efd8968e62eba409e946f1469c85fdd3a0efc8ff4c0a7c5a62.bin
-
Size
764KB
-
Sample
240417-1wpj7sfd87
-
MD5
89aaa304c5c4c966329d6bb083311d07
-
SHA1
4d5454fce70893d2b9ff72e196c5ac3114f9be6d
-
SHA256
46c4692cc21ab9efd8968e62eba409e946f1469c85fdd3a0efc8ff4c0a7c5a62
-
SHA512
0c7e238e9ffb2c8d46c01e316089da59be7c156246df04127a2935cf6357320d4d5574557b25a8449ff55606099fb51712845653be6ebc601343bdde116eeaa6
-
SSDEEP
12288:cdCMva1a8LVehS0MA5Btp5WmpYshXZPbGwidNpglF1:c5a1aKeh7Mktp5WmD9idNpa
Behavioral task
behavioral1
Sample
46c4692cc21ab9efd8968e62eba409e946f1469c85fdd3a0efc8ff4c0a7c5a62.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
46c4692cc21ab9efd8968e62eba409e946f1469c85fdd3a0efc8ff4c0a7c5a62.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
46c4692cc21ab9efd8968e62eba409e946f1469c85fdd3a0efc8ff4c0a7c5a62.apk
Resource
android-x64-arm64-20240221-en
Malware Config
Extracted
spynote
0.tcp.eu.ngrok.io:15517
Targets
-
-
Target
46c4692cc21ab9efd8968e62eba409e946f1469c85fdd3a0efc8ff4c0a7c5a62.bin
-
Size
764KB
-
MD5
89aaa304c5c4c966329d6bb083311d07
-
SHA1
4d5454fce70893d2b9ff72e196c5ac3114f9be6d
-
SHA256
46c4692cc21ab9efd8968e62eba409e946f1469c85fdd3a0efc8ff4c0a7c5a62
-
SHA512
0c7e238e9ffb2c8d46c01e316089da59be7c156246df04127a2935cf6357320d4d5574557b25a8449ff55606099fb51712845653be6ebc601343bdde116eeaa6
-
SSDEEP
12288:cdCMva1a8LVehS0MA5Btp5WmpYshXZPbGwidNpglF1:c5a1aKeh7Mktp5WmD9idNpa
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-
Tries to add a device administrator.
-
Legitimate hosting services abused for malware hosting/C2
-