General
Target: Xiaomi Service_pmp.apk
Size: 18.3MB
Sample: 240525-tn3zasab6w
MD5: 07ed741a1e81e4195cc4ea3cb2133429
SHA1: 684cdab09bea6a26c3b1b7e7245d7e2f7210d9a0
SHA256: d940ad081dc96a5f4ffbafefec18c555b8d87d614a4e3ca70b1a31cf556eaae3
SHA512: 28ae01320a760701fe823d951d287452199373cbff43eaa22b115504bd589c67d4ae77e83505bb81481fd81af548319b48f8c3559c6a00caa3d381cd8cd3b065
SSDEEP: 98304:w4KIqPewOjq/uWNE26BjOm3bmzzzBBTh0t4K:JqPbAE6N5az/+n
Behavioral tasks
behavioral1: sample Xiaomi Service_pmp.apk, resource android-x86-arm-20240514-en
behavioral2: sample Xiaomi Service_pmp.apk, resource android-x64-20240514-en
behavioral3: sample Xiaomi Service_pmp.apk, resource android-x64-arm64-20240514-en
Malware Config
Extracted (spynote): 65.0.92.162:1337
Targets
Target: Xiaomi Service_pmp.apk (18.3MB; hashes as listed under General above)
Signatures
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background)
- Schedules tasks to execute at a specified time
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
MITRE ATT&CK Mobile v15 (technique: number of matching signatures)
Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Foreground Persistence (1)
  Scheduled Task/Job (1)
Defense Evasion
  Download New Code at Runtime (1)
  Foreground Persistence (1)
  Hide Artifacts (2)
    Suppress Application Icon (1)
    User Evasion (1)
  Input Injection (1)