General
-
Target
2bfcc3c9c2dc37606db4e8ad26dfc9d32bc643d1897ee74a9c95beb89dd1f5ea.bin
-
Size
858KB
-
Sample
240509-1yah3agh61
-
MD5
fe0c257b3a13b4beeb50bf9f73931e60
-
SHA1
e71c5df6df75f44294ddbf28cedec192f5995c4b
-
SHA256
2bfcc3c9c2dc37606db4e8ad26dfc9d32bc643d1897ee74a9c95beb89dd1f5ea
-
SHA512
64a1c637247e400859ccc9bd5d59b382195482efd96ec17e392b2fec7926f00c2367c15a608037c60d0531e9b1778c0b3b099e1e6c972ba26902f528a9611ccf
-
SSDEEP
24576:okUfDa1ameK6VBPrIwi2AeN5WmD9idNpQ:PU7a1a+6/jI/2RWk0d/Q
Malware Config
Extracted
spynote
0.tcp.eu.ngrok.io:18656
Targets
-
-
Target
2bfcc3c9c2dc37606db4e8ad26dfc9d32bc643d1897ee74a9c95beb89dd1f5ea.bin
-
Size
858KB
-
MD5
fe0c257b3a13b4beeb50bf9f73931e60
-
SHA1
e71c5df6df75f44294ddbf28cedec192f5995c4b
-
SHA256
2bfcc3c9c2dc37606db4e8ad26dfc9d32bc643d1897ee74a9c95beb89dd1f5ea
-
SHA512
64a1c637247e400859ccc9bd5d59b382195482efd96ec17e392b2fec7926f00c2367c15a608037c60d0531e9b1778c0b3b099e1e6c972ba26902f528a9611ccf
-
SSDEEP
24576:okUfDa1ameK6VBPrIwi2AeN5WmD9idNpQ:PU7a1a+6/jI/2RWk0d/Q
Score8/10-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Requests enabling of the accessibility settings.
-
Tries to add a device administrator.
-