General
-
Target
ready.apk
-
Size
8.5MB
-
Sample
240526-aen91afe21
-
MD5
db209ee2d6b9cf5579d0ad0b064a7064
-
SHA1
11f974a6ab2c51835e104acd38773d49edb5bed6
-
SHA256
4b7ce3bf155c17636a7ea6684930e5314d5a5687d0e0fe58d95f747f1cd2f415
-
SHA512
e974732317c5500932176fc3dc56bd60bff091cd6815bb56010536d23172adb461ca4fe4b78484c2e1e855f9a3a22ff0284bd3552b7d3b8a8596e8ab55aa5c5f
-
SSDEEP
98304:b3rC2IxQ2IaohJfIH9DFCmzfzB4TA0tgUU:bbCXxQphJqBtzSrU
Malware Config
Extracted
spynote
Federico244-32964.portmap.host:32964
Targets
-
-
Target
ready.apk
-
Size
8.5MB
-
MD5
db209ee2d6b9cf5579d0ad0b064a7064
-
SHA1
11f974a6ab2c51835e104acd38773d49edb5bed6
-
SHA256
4b7ce3bf155c17636a7ea6684930e5314d5a5687d0e0fe58d95f747f1cd2f415
-
SHA512
e974732317c5500932176fc3dc56bd60bff091cd6815bb56010536d23172adb461ca4fe4b78484c2e1e855f9a3a22ff0284bd3552b7d3b8a8596e8ab55aa5c5f
-
SSDEEP
98304:b3rC2IxQ2IaohJfIH9DFCmzfzB4TA0tgUU:bbCXxQphJqBtzSrU
Score8/10-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Checks CPU information
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information
Checks memory information which indicate if the system is an emulator.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Acquires the wake lock
-
Checks if the internet connection is available
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Schedules tasks to execute at a specified time
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-