General
- Target: com.apk
- Size: 3.5MB
- Sample: 240521-f9e8gadd4y
- MD5: aa352c5e70e0df6074e373eddb240d7c
- SHA1: 4100b9636a6506285beece6c0aa3ee8010ac05ff
- SHA256: a2f0430bebf1a55da1d7aab31021a90b49290df5bead76ee49f27ee37bd1e03a
- SHA512: 54a74fc04c7833a719c020f6749f06d3b2c04a3acc9eea4d5f273c9d6ef59ed9105cb2192edd66a07178612dadfcd347a25ad5fa3bf2df1f5e42aef08bd27d6e
- SSDEEP: 98304:NxNsEwd3hahGKBS32sVBA3S9yEz0l19oDoZ:5hQahGKBhsVBkq167og
Behavioral task: behavioral1
- Sample: com.apk
- Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
- Sample: daemon.apk
- Resource: android-x86-arm-20240514-en
Malware Config
Extracted
- Family: wyrmspy
- Version: 8.1121.0
- C2: https://8.219.55.216:443/control/
Targets

Target: com.apk
- Size: 3.5MB
- MD5: aa352c5e70e0df6074e373eddb240d7c
- SHA1: 4100b9636a6506285beece6c0aa3ee8010ac05ff
- SHA256: a2f0430bebf1a55da1d7aab31021a90b49290df5bead76ee49f27ee37bd1e03a
- SHA512: 54a74fc04c7833a719c020f6749f06d3b2c04a3acc9eea4d5f273c9d6ef59ed9105cb2192edd66a07178612dadfcd347a25ad5fa3bf2df1f5e42aef08bd27d6e
- SSDEEP: 98304:NxNsEwd3hahGKBS32sVBA3S9yEz0l19oDoZ:5hQahGKBhsVBkq167og
- WyrmSpy
  WyrmSpy is Android spyware used by the APT41 group, first seen in 2017.
- Makes use of the framework's foreground persistence service
  The application may abuse the framework's foreground service to keep running in the foreground.
- Queries information about the current Wi-Fi connection
  The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Queries the phone number (MSISDN for GSM devices)
- Reads the contacts stored on the device.
- Reads the content of the call log.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Reads information about the phone network operator.
Target: daemon.apk
- Size: 5.1MB
- MD5: 0443d4fc2d9ad56f9a8411ede1198d34
- SHA1: 38075a13e881690a7d8733710cc557556edf36cb
- SHA256: ed61b5068e0af65cb3a53036e04672b1bc409e4c16019711e259023e9a928473
- SHA512: 188c04c3286c5bb3a7a0c23918d5527465ea26ed85eabdeede3fc54aa711f20b6abb21d359dfce547b3f384c90d58cf7c32c7235b287b73710c39f2816b72866
- SSDEEP: 98304:em29MwwcRrnSN+2GRfYJWO+fDkL+Ey1qe6SsYO:e37weRfpO0D43Y6SZO
- Score: 8/10
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.