General

Target: ready.apk
Size: 1.9MB
Sample: 240529-cfkpbaeh69
MD5: f061f5aa009dd10ecfb8928d0687fb05
SHA1: 91dce81fba472a57d8eb58befbf3b6fff5e09c5d
SHA256: bcad0d4c0f96f584f00137d1d2632d600d2111e4b8174b8082d8426f45fc671e
SHA512: e086a0832e026771ea0e1b098a2cb08f06585a904a871fd58c751e553eb4304874a4abd046f1e2b984cedbdba120afb9f5c35fb2fc298080f63613c573003900
SSDEEP: 12288:yEN0oTEGWkIRrc9N5eDWaW27a/7GiO6tZfCYnb:yA7TFlIRryebp7m7GiZfFb
Behavioral tasks

behavioral1: sample ready.apk, resource android-x64-20240514-en
behavioral2: sample ready.apk, resource android-x64-arm64-20240514-en
behavioral3: sample ready.apk, resource android-33-x64-arm64-20240514-en
behavioral4: sample ready.apk, resource android-x86-arm-20240514-en
Malware Config

Extracted family: spynote
C2: sell-tales.gl.at.ply.gg:64678
Targets

Target: ready.apk
Size: 1.9MB
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background)
- Schedules tasks to execute at a specified time
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
MITRE ATT&CK Mobile v15

Persistence
- Event Triggered Execution (1)
- Broadcast Receivers (1)
- Foreground Persistence (1)
- Scheduled Task/Job (1)

Defense Evasion
- Download New Code at Runtime (1)
- Foreground Persistence (1)
- Hide Artifacts (1)
- User Evasion (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Input Injection (1)