General
-
Target
240520-ymr8mahkzq_pw_infected.zip
-
Size
490KB
-
Sample
240520-ytek4sfa43
-
MD5
0786b0443dc7e661cd9d02e32fcc7d24
-
SHA1
bc6f02450fceffc7f71443ce6b4fad23d2e2d477
-
SHA256
6a775c7d85f5caa06e9e8a09aca77bedf597f953c1bc0309e53f29a1097d7afe
-
SHA512
b58e5417d8f40860828802c61cf2f8af2d0179df47e6763ea42bbc0c45dca8c79974c750f6fad1f210e043de5fff95d14934770febe3779df27408de00708154
-
SSDEEP
12288:Lq2DzYGCHbi/fniURp/ucXF0yV7D6dFXAUkML0Ak0o/t:LPDy7HUSfywdR90ANoV
Malware Config
Extracted
spynote
fffrrr.ddns.net:1143
Targets
-
-
Target
15be150e6bc0434a9fc865eefe840990d57fb63cb078c19abc45f79adf587f3b
-
Size
765KB
-
MD5
f348eaec5ad5c7fa51b0d0abb6d50cea
-
SHA1
a3d32e31451414db26b224e1f4900c5bb7d5350d
-
SHA256
15be150e6bc0434a9fc865eefe840990d57fb63cb078c19abc45f79adf587f3b
-
SHA512
d5c9c1140634c3af8562dd7001eadd12852b84235c02570e7bc2d8bff74b2beb7b0059a229a3a5db2caab9584cd67e7fb0d9e5eb42ef733394bec4ad97b80ce5
-
SSDEEP
12288:9BBZRvSaqKGkMzIlO5WmpYshXZPbGwidNpga:nBZR7qKXMzIlO5WmD9idNpd
Score8/10-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Removes its main activity from the application launcher
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Requests enabling of the accessibility settings.
-