General

  • Target

    ready.apk

  • Size

    8.5MB

  • Sample

    240528-wancsseh63

  • MD5

    bce84c16a85bc8313dd54f8ad0e1dadd

  • SHA1

    878c4e9048d687acda2e9b98e9b527b551ce2b61

  • SHA256

    40fa96521833b363e9a79eebc3586c1a1b5d0428e968a5a4850e743fe5487e56

  • SHA512

    079850e4cc179a9b01fc139e1be9779fdaee6f2801194c8b5edfc4f0ed2df55d3c8bf98ef124f87e400c5402e79eed99363a4f8ece812de25f33a492108a0d13

  • SSDEEP

    49152:iUnuwZggIdrwVuBLGN9afkp1+itN0H931LmzzzdGGvQTOZBUFYqT0cgYIJW8:Xu1A8gN9aq1ZNm1LmzzzBITJ0tYB8

Malware Config

Extracted

Family

spynote

C2

81.65.118.205:7771
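The hashes in the General section and the C2 in the extracted config are the two things a responder acts on. The following Python helper, added here and not part of the sandbox report or the sample, hashes a candidate file and compares it with the published digests, and searches connection-log lines for the C2 endpoint. The log lines embedded in it are constructed for illustration, not captured from the sandbox run.

```python
"""IOC triage helpers for the report above: hash a candidate file and compare
it with the published digests, and search connection logs for the extracted
SpyNote C2. Added example; not code from the sandbox or the sample."""
import hashlib
import re

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "bce84c16a85bc8313dd54f8ad0e1dadd",
    "sha1": "878c4e9048d687acda2e9b98e9b527b551ce2b61",
    "sha256": "40fa96521833b363e9a79eebc3586c1a1b5d0428e968a5a4850e743fe5487e56",
    "sha512": "079850e4cc179a9b01fc139e1be9779fdaee6f2801194c8b5edfc4f0ed2df55d"
              "3c8bf98ef124f87e400c5402e79eed99363a4f8ece812de25f33a492108a0d13",
}
# C2 from the extracted malware config.
C2 = "81.65.118.205:7771"


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory blob."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four digests (an 8.5 MB APK fits in memory,
    but streaming keeps this usable for larger drops)."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matches_report(digests: dict, report: dict = REPORT_HASHES) -> list:
    """Algorithms on which `digests` equals the report. A sha256 hit is
    conclusive; an md5-only hit is a collision-prone lead, not a match."""
    return sorted(alg for alg, h in report.items()
                  if digests.get(alg, "").lower() == h)


def c2_pattern(c2: str = C2) -> "re.Pattern":
    """Match 'ip:port' or 'ip port' forms, anchored on word boundaries so that
    81.65.118.20:7771 or 181.65.118.205:7771 do not match."""
    ip, port = c2.rsplit(":", 1)
    return re.compile(rf"\b{re.escape(ip)}(?::|\s+){port}\b")


def find_c2_connections(log_lines, c2: str = C2) -> list:
    """Return the log lines that show a connection to the C2 endpoint."""
    pat = c2_pattern(c2)
    return [line for line in log_lines if pat.search(line)]


# Constructed connection-log lines (not from the sandbox run) to exercise the
# matcher: only the second line is the real C2 endpoint; the others are
# near-misses on port or address.
SAMPLE_LOG = [
    "2024-05-28T14:02:11Z 10.0.0.23:41922 -> 203.0.113.10:443 TCP established",
    "2024-05-28T14:02:13Z 10.0.0.23:41930 -> 81.65.118.205:7771 TCP established",
    "2024-05-28T14:02:15Z 10.0.0.23:41931 -> 81.65.118.205:443 TCP reset",
    "2024-05-28T14:02:20Z 10.0.0.23:41940 -> 81.65.118.20:7771 TCP established",
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        hit = matches_report(hash_file(path))
        print(f"{path}: {'MATCH on ' + ', '.join(hit) if hit else 'no match'}")
    for line in find_c2_connections(SAMPLE_LOG):
        print("C2 hit:", line)
```

Run it as `python triage.py suspicious.apk` to check a file against the report; the C2 matcher is deliberately strict on both octets and port, because the same /24 or the same port on another host is a different indicator and should be tracked separately.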

Targets

    • Target

      ready.apk

    • Size

      8.5MB

    • MD5

      bce84c16a85bc8313dd54f8ad0e1dadd

    • SHA1

      878c4e9048d687acda2e9b98e9b527b551ce2b61

    • SHA256

      40fa96521833b363e9a79eebc3586c1a1b5d0428e968a5a4850e743fe5487e56

    • SHA512

      079850e4cc179a9b01fc139e1be9779fdaee6f2801194c8b5edfc4f0ed2df55d3c8bf98ef124f87e400c5402e79eed99363a4f8ece812de25f33a492108a0d13

    • SSDEEP

      49152:iUnuwZggIdrwVuBLGN9afkp1+itN0H931LmzzzdGGvQTOZBUFYqT0cgYIJW8:Xu1A8gN9aq1ZNm1LmzzzBITJ0tYB8

    • Makes use of the framework's Accessibility service

      Reads what is displayed on screen, including other apps' UI text, through an AccessibilityService; once the user enables the service it receives events from every app without further permission prompts.

    • Checks CPU information

      Reads CPU information (e.g. /proc/cpuinfo) for values that indicate the system is an emulator; an analysis environment that trips this check may never produce the C2 traffic.

    • Checks memory information

      Reads memory information (e.g. /proc/meminfo) for values that indicate the system is an emulator.

    • Makes use of the framework's foreground persistence service

      Runs as a foreground service, which exempts the process from background execution limits so it is not killed when the user leaves the app.

    • Obtains sensitive information copied to the device clipboard

      Reads the system clipboard (ClipboardManager), capturing anything the user copies, such as passwords or one-time codes.

    • Acquires a wake lock, keeping the CPU awake while the app works in the background

    • Checks if the internet connection is available

    • Requests an exemption from battery optimizations (Doze), which keeps the app running and able to reach the C2 while the device is idle

    • Schedules tasks to execute at a specified time

      Uses the scheduling APIs (alarms or jobs) to run code at a given time or on a recurring interval, so malicious code executes without the user opening the app.
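The two emulator checks in the list above (CPU information, memory information) are what decide whether a sandbox sees the rest of this behaviour at all. The block below, added here and not the sample's decompiled code, re-expresses those checks in Python so an analyst can run a sandbox image's /proc dumps through them. The indicator strings and the 2 GiB memory threshold are common heuristics from public anti-emulation write-ups, chosen as assumptions; they were not extracted from this APK. The /proc excerpts are constructed, not captured from the sandbox run.

```python
"""The two emulator checks flagged in the report, re-expressed in Python.
Added example; not the sample's code. Indicator strings and the memory
threshold are assumed heuristics, not values extracted from this APK."""
import re

# Substrings that commonly appear in /proc/cpuinfo on Android emulators and
# VMs: goldfish/ranchu are emulator board names, qemu the hypervisor,
# 'hypervisor' the x86 CPU flag set under a VM. Assumed list; extend as needed.
CPU_INDICATORS = ("goldfish", "ranchu", "qemu", "hypervisor")

# Phones ship with several GB of RAM; a small MemTotal is a cheap VM tell.
# 2 GiB is an assumed threshold, not one taken from the sample.
MIN_PLAUSIBLE_MEM_KB = 2 * 1024 * 1024


def cpu_indicators(cpuinfo_text: str) -> list:
    """Return the emulator indicators present in a /proc/cpuinfo dump."""
    lowered = cpuinfo_text.lower()
    return [word for word in CPU_INDICATORS if word in lowered]


def mem_total_kb(meminfo_text: str):
    """Parse MemTotal from a /proc/meminfo dump; None if the line is absent."""
    m = re.search(r"^MemTotal:\s+(\d+)\s+kB", meminfo_text, re.MULTILINE)
    return int(m.group(1)) if m else None


def looks_like_emulator(cpuinfo_text: str, meminfo_text: str):
    """Combine both checks. Returns (verdict, reasons) so a sandbox operator
    can see exactly which field gave the environment away."""
    reasons = [f"cpuinfo contains '{w}'" for w in cpu_indicators(cpuinfo_text)]
    total = mem_total_kb(meminfo_text)
    if total is not None and total < MIN_PLAUSIBLE_MEM_KB:
        reasons.append(f"MemTotal {total} kB is below {MIN_PLAUSIBLE_MEM_KB} kB")
    return bool(reasons), reasons


def read_proc(path: str) -> str:
    """Read a /proc file on a live device (e.g. pulled with adb); on a
    workstation this is only useful with dumps saved from the sandbox."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


# Constructed /proc excerpts (not captured from the sample's sandbox run).
CPUINFO_EMULATOR = (
    "Processor\t: ARMv7 Processor rev 0 (v7l)\n"
    "Features\t: swp half thumb fastmult vfp edsp neon vfpv3\n"
    "Hardware\t: Goldfish\n"
    "Revision\t: 0000\n"
)
MEMINFO_EMULATOR = "MemTotal:        1540696 kB\nMemFree:          812340 kB\n"

CPUINFO_PHONE = (
    "processor\t: 0\n"
    "model name\t: ARMv8 Processor rev 4 (v8l)\n"
    "Hardware\t: Qualcomm Technologies, Inc SM8550\n"
)
MEMINFO_PHONE = "MemTotal:       11715780 kB\nMemFree:         3482112 kB\n"

if __name__ == "__main__":
    for label, cpu, mem in (("emulator", CPUINFO_EMULATOR, MEMINFO_EMULATOR),
                            ("phone", CPUINFO_PHONE, MEMINFO_PHONE)):
        verdict, why = looks_like_emulator(cpu, mem)
        print(label, "->", "emulator" if verdict else "looks real", why)
```

Point the functions at your own sandbox image's /proc/cpuinfo and /proc/meminfo: a guest that trips either check may run the sample only up to the point where it decides it is being watched, and the C2 listed in the extracted config would never appear in the network capture.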

MITRE ATT&CK Mobile v15

Tasks