General
-
Target
d940ad081dc96a5f4ffbafefec18c555b8d87d614a4e3ca70b1a31cf556eaae3.apk
-
Size
18.3MB
-
Sample
240526-bk6xnshd5y
-
MD5
07ed741a1e81e4195cc4ea3cb2133429
-
SHA1
684cdab09bea6a26c3b1b7e7245d7e2f7210d9a0
-
SHA256
d940ad081dc96a5f4ffbafefec18c555b8d87d614a4e3ca70b1a31cf556eaae3
-
SHA512
28ae01320a760701fe823d951d287452199373cbff43eaa22b115504bd589c67d4ae77e83505bb81481fd81af548319b48f8c3559c6a00caa3d381cd8cd3b065
-
SSDEEP
98304:w4KIqPewOjq/uWNE26BjOm3bmzzzBBTh0t4K:JqPbAE6N5az/+n
Malware Config
Extracted
spynote
65.0.92.162:1337
Targets
-
-
Target
d940ad081dc96a5f4ffbafefec18c555b8d87d614a4e3ca70b1a31cf556eaae3.apk
-
Size
18.3MB
-
MD5
07ed741a1e81e4195cc4ea3cb2133429
-
SHA1
684cdab09bea6a26c3b1b7e7245d7e2f7210d9a0
-
SHA256
d940ad081dc96a5f4ffbafefec18c555b8d87d614a4e3ca70b1a31cf556eaae3
-
SHA512
28ae01320a760701fe823d951d287452199373cbff43eaa22b115504bd589c67d4ae77e83505bb81481fd81af548319b48f8c3559c6a00caa3d381cd8cd3b065
-
SSDEEP
98304:w4KIqPewOjq/uWNE26BjOm3bmzzzBBTh0t4K:JqPbAE6N5az/+n
Score8/10-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Schedules tasks to execute at a specified time
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-