General

  • Target

    3276943dafdd603863aaf4b33a6ea3569dba91b1fac81b6bb4b454ffbe99e936.apk

  • Size

    748KB

  • Sample

    240514-r3yl1sbe88

  • MD5

    bf22cb5e4bc8cac7a1ddbb6dfc9077d3

  • SHA1

    4076df1e93acf64e48c41428a7468f097eb312ca

  • SHA256

    3276943dafdd603863aaf4b33a6ea3569dba91b1fac81b6bb4b454ffbe99e936

  • SHA512

    44c877ba36b97735fc9b04e0f74d10e9f462e4275ca06e597375c2fb7db3c4f67e275c51f97a3af7bff071644ad76a53b24d0daedc1d6df918f3453e8428bf26

  • SSDEEP

    12288:6JS+a1a8Lzey5N0VHJ5Jz5WmpYshXZPbGwidNpg/:kXa1ameyH017Jz5WmD9idNpA

Malware Config

Extracted

Family

spynote

C2

4.194.25.153:5214

Targets

    • Target

      3276943dafdd603863aaf4b33a6ea3569dba91b1fac81b6bb4b454ffbe99e936.apk

    • Size

      748KB

    • MD5

      bf22cb5e4bc8cac7a1ddbb6dfc9077d3

    • SHA1

      4076df1e93acf64e48c41428a7468f097eb312ca

    • SHA256

      3276943dafdd603863aaf4b33a6ea3569dba91b1fac81b6bb4b454ffbe99e936

    • SHA512

      44c877ba36b97735fc9b04e0f74d10e9f462e4275ca06e597375c2fb7db3c4f67e275c51f97a3af7bff071644ad76a53b24d0daedc1d6df918f3453e8428bf26

    • SSDEEP

      12288:6JS+a1a8Lzey5N0VHJ5Jz5WmpYshXZPbGwidNpg/:kXa1ameyH017Jz5WmD9idNpA

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Matrix

Tasks