General

  • Target

    b890204676e576c0c4526bf97f763de665cdd611ee699cfde7a66102ef295bd8.bin

  • Size

    873KB

  • Sample

    240521-1xb1habg59

  • MD5

    5f342989fd4ddbd623dcfdbf74568338

  • SHA1

    e035419efe42673d3c490cb52d0a95df6fdd97db

  • SHA256

    b890204676e576c0c4526bf97f763de665cdd611ee699cfde7a66102ef295bd8

  • SHA512

    62a499aed1904ed450315577e096f34bd799479964585a3ddbf4bbb79ef6d60cd292f28aadf14f3b06a264df75de62937a81f3b0b5d9f6ea6e046d2a35c91b00

  • SSDEEP

    12288:EzZ5ZbLBa1a8LVe/AfFUUHCKjgUjBxWpi5WmpYshXZPbGwidNpgS:s9Fa1aKe4fFUMJjgUjepi5WmD9idNp5

Malware Config

Extracted

Family

spynote

C2

wj2314721.e2.luyouxia.net:24153

Targets

    • Target

      b890204676e576c0c4526bf97f763de665cdd611ee699cfde7a66102ef295bd8.bin

    • Size

      873KB

    • MD5

      5f342989fd4ddbd623dcfdbf74568338

    • SHA1

      e035419efe42673d3c490cb52d0a95df6fdd97db

    • SHA256

      b890204676e576c0c4526bf97f763de665cdd611ee699cfde7a66102ef295bd8

    • SHA512

      62a499aed1904ed450315577e096f34bd799479964585a3ddbf4bbb79ef6d60cd292f28aadf14f3b06a264df75de62937a81f3b0b5d9f6ea6e046d2a35c91b00

    • SSDEEP

      12288:EzZ5ZbLBa1a8LVe/AfFUUHCKjgUjBxWpi5WmpYshXZPbGwidNpgS:s9Fa1aKe4fFUMJjgUjepi5WmD9idNp5

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK Matrix

Tasks