General

Target: e4349991ce0a2ed6e2f58e2243a6d5b3c7a795b1f6d2dcdf8817fea0e826aedc.apk
Size: 4.9MB
Sample: 240526-bln39aaa89
MD5: 18fbdb35e4cd08b87c4a271241a39253
SHA1: a421c7228f33c3587b06c4f0600534ca2fb77aaf
SHA256: e4349991ce0a2ed6e2f58e2243a6d5b3c7a795b1f6d2dcdf8817fea0e826aedc
SHA512: 2be43d12480851e7301922714d99e9684b074e1e9f6ecb473da2ac1c795996ac53b8b3c056055ad645d8ca5ec2f5d87df00bac49b4ad294f66e797e7ee15d7f2
SSDEEP: 98304:P6boJR1LlqF8oeDRUtcX+KcmWG5r5z6PS7pOks476zxMsgKk6nI+Vst8nx:ib4bDppJ5rAPSwf5gVeIAst8x
Behavioral tasks

- behavioral1: e4349991ce0a2ed6e2f58e2243a6d5b3c7a795b1f6d2dcdf8817fea0e826aedc.apk (resource: android-x86-arm-20240514-en)
- behavioral2: e4349991ce0a2ed6e2f58e2243a6d5b3c7a795b1f6d2dcdf8817fea0e826aedc.apk (resource: android-x64-20240514-en)
- behavioral3: e4349991ce0a2ed6e2f58e2243a6d5b3c7a795b1f6d2dcdf8817fea0e826aedc.apk (resource: android-x64-arm64-20240514-en)
- behavioral4: childapp.apk (resource: android-x86-arm-20240514-en)
- behavioral5: childapp.apk (resource: android-x64-20240514-en)
- behavioral6: childapp.apk (resource: android-x64-arm64-20240514-en)
Malware Config

Extracted family: spynote
Extracted host: botuser0.duckdns.org:1337
Targets

Target: e4349991ce0a2ed6e2f58e2243a6d5b3c7a795b1f6d2dcdf8817fea0e826aedc.apk (size and hashes as listed under General above)
Score: 1/10

Target: childapp.apk
Size: 18.3MB
MD5: 051916df0c9afa5bb89b4d4771f291f7
SHA1: 49fc19b18617e39f788b93846d679cfe4cc7963f
SHA256: 61ef15e9eccee437915a643c86e7f5049bcee9c439360a0a9cd4818adb98fb26
SHA512: 167bef68e5eb04f438d93a08e098ef1306d674ee252bd93a976732b4f1c1e8a036b9054ea2798052af57fc47315720753061f69f1280b76ec06349fe05a6f9c4
SSDEEP: 98304:+jwaGeWClCZmcsPS75miKq0T0Q797HmzzzBGTr0t4d:PaZCZwPSYiKq0gY0zgUy
Signatures:
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Makes use of the framework's foreground persistence service: the application may abuse the framework's foreground service to continue running in the foreground.
- Registers a broadcast receiver at runtime (usually for listening for system events).
- Acquires the wake lock.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time: the application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
MITRE ATT&CK Mobile v15

Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)
- Scheduled Task/Job (1)

Defense Evasion
- Download New Code at Runtime (1)
- Foreground Persistence (1)
- Hide Artifacts (2)
  - Suppress Application Icon (1)
  - User Evasion (1)
- Input Injection (1)