General

  • Target

    240520-ymr8mahkzq_pw_infected.zip

  • Size

    490KB

  • Sample

    240520-ytek4sfa43

  • MD5

    0786b0443dc7e661cd9d02e32fcc7d24

  • SHA1

    bc6f02450fceffc7f71443ce6b4fad23d2e2d477

  • SHA256

    6a775c7d85f5caa06e9e8a09aca77bedf597f953c1bc0309e53f29a1097d7afe

  • SHA512

    b58e5417d8f40860828802c61cf2f8af2d0179df47e6763ea42bbc0c45dca8c79974c750f6fad1f210e043de5fff95d14934770febe3779df27408de00708154

  • SSDEEP

    12288:Lq2DzYGCHbi/fniURp/ucXF0yV7D6dFXAUkML0Ak0o/t:LPDy7HUSfywdR90ANoV

Malware Config

Extracted

Family

spynote

C2

fffrrr.ddns.net:1143

Targets

    • Target

      15be150e6bc0434a9fc865eefe840990d57fb63cb078c19abc45f79adf587f3b

    • Size

      765KB

    • MD5

      f348eaec5ad5c7fa51b0d0abb6d50cea

    • SHA1

      a3d32e31451414db26b224e1f4900c5bb7d5350d

    • SHA256

      15be150e6bc0434a9fc865eefe840990d57fb63cb078c19abc45f79adf587f3b

    • SHA512

      d5c9c1140634c3af8562dd7001eadd12852b84235c02570e7bc2d8bff74b2beb7b0059a229a3a5db2caab9584cd67e7fb0d9e5eb42ef733394bec4ad97b80ce5

    • SSDEEP

      12288:9BBZRvSaqKGkMzIlO5WmpYshXZPbGwidNpga:nBZR7qKXMzIlO5WmD9idNpd

    • Queries the list of all installed applications on the device (commonly used to pick legitimate apps to overlay with phishing screens)

    • Removes its main activity from the application launcher (hides its icon so the user cannot easily find, open or uninstall the app)

    • Makes use of the framework's foreground persistence service

      The app runs a foreground service, which keeps its process alive with a persistent notification instead of being killed when the app is backgrounded.

    • Registers a broadcast receiver at runtime (usually to listen for system events such as boot, connectivity or screen-state changes without declaring the receiver in the manifest)

    • Requests that the user enable its accessibility service in the device's accessibility settings, which lets it read on-screen content and inject UI actions
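
The behaviours above can be partly confirmed statically before dynamic analysis. The following Python script is an added example, not part of the sandbox report or of any analysis tooling the report used: it walks a decoded AndroidManifest.xml (assumed already converted from binary AXML by apktool or androguard) and flags the manifest-visible counterparts of the listed signatures. The embedded manifest is constructed for illustration and is not the sample's real manifest; runtime-only behaviour (disabling the launcher component, registering receivers in code) cannot be seen this way and is noted in the output.

```python
"""Static manifest triage for the behaviours listed in the report.
Added example; the manifest below is constructed, not taken from the sample."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _a(attr):
    """Qualify an attribute name with the android: namespace."""
    return "{%s}%s" % (ANDROID_NS, attr)


# Constructed manifest mimicking what a SpyNote-style dropper declares.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <application android:label="Update">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".KeepAlive" android:foregroundServiceType="dataSync"/>
  </application>
</manifest>
"""


def triage_manifest(xml_text):
    """Return the manifest-visible indicators for the report's signatures."""
    root = ET.fromstring(xml_text)
    perms = {e.get(_a("name")) for e in root.iter("uses-permission")}

    # Accessibility services must be exported under this signature permission.
    acc_services = [
        s.get(_a("name")) for s in root.iter("service")
        if s.get(_a("permission")) == "android.permission.BIND_ACCESSIBILITY_SERVICE"
    ]

    # Launcher entries: the components whose icon the app can later disable
    # via PackageManager.setComponentEnabledSetting (runtime, not visible here).
    launchers = []
    for tag in ("activity", "activity-alias"):
        for act in root.iter(tag):
            for filt in act.findall("intent-filter"):
                cats = {c.get(_a("name")) for c in filt.findall("category")}
                if "android.intent.category.LAUNCHER" in cats:
                    launchers.append(act.get(_a("name")))

    return {
        # Required on Android 11+ to enumerate other packages; older targets
        # can still call getInstalledPackages() without it.
        "queries_installed_apps": "android.permission.QUERY_ALL_PACKAGES" in perms,
        # Required on Android 9+ to call startForeground().
        "foreground_service": "android.permission.FOREGROUND_SERVICE" in perms,
        "accessibility_services": acc_services,
        "launcher_activities": launchers,
        "runtime_only": ["launcher icon hiding", "broadcast receiver registration"],
    }


def matched_signatures(result):
    """Map triage output back onto the report's signature names."""
    sigs = []
    if result["queries_installed_apps"]:
        sigs.append("Queries a list of all the installed applications")
    if result["foreground_service"]:
        sigs.append("Makes use of the framework's foreground persistence service")
    if result["accessibility_services"]:
        sigs.append("Requests enabling of the accessibility settings")
    return sigs


if __name__ == "__main__":
    res = triage_manifest(SAMPLE_MANIFEST)
    for sig in matched_signatures(res):
        print("[+]", sig)
    print("launcher components to watch for runtime disabling:", res["launcher_activities"])
    print("not statically observable:", ", ".join(res["runtime_only"]))
```

Run it against `apktool d sample.apk` output by reading `AndroidManifest.xml` instead of `SAMPLE_MANIFEST`; an empty `launcher_activities` list combined with an accessibility service is itself suspicious, since a legitimate app almost always keeps a launcher entry.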

MITRE ATT&CK Matrix

Tasks