General

  • Target

    16c6a4e7641df5cfea67144a2787230c.bin

  • Size

    507KB

  • MD5

    6b15ab2210039b613bd6ad6ea4233cdb

  • SHA1

    ca2f102919ec306d600d7f6562b0d342d8a878aa

  • SHA256

    c777791e1f9da5063fa0d0037713991171c7499bebc594834cb248e4a4c1ea35

  • SHA512

    0222c36524f2bc339014ef1d3bf088782e199d3bbb743531d6a7c864ebcc737c96e33219f91f00905b4a6ae9255ab46b445dcca8bd12fa6389127054f08ab409

  • SSDEEP

    12288:ZSHLYge3SOoZgKIVVN4WgYSb6Yr4EOArYk2HqDwu06+tQ:wHkn3SRZgKIRjgYSb6Yr4EOArYknh+q

Score
10/10

Malware Config

Extracted

Family

spynote

C2

4.194.25.153:5214

Signatures

  • Spynote family
  • Spynote payload 1 IoCs
  • Declares broadcast receivers with permission to handle system events 1 IoCs
  • Declares services with permission to bind to the system 1 IoCs
  • Requests dangerous framework permissions 18 IoCs

Files

  • 16c6a4e7641df5cfea67144a2787230c.bin
    .zip

    Password: infected

  • 078cebddba654c215c01f04900987a34233bddbcc26696e1417b5d3cc6e90e35.apk
    .apk android

    Password: infected

    • cmf0.c3b5bm90zq.patch

    • cmf0.c3b5bm90zq.patch.C7