Overview

overview

10

Static

static

10

Headshot G...re.apk

android-9-x86

8

Headshot G...re.apk

android-13-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk

  • Size

    12.8MB

  • Sample

    240701-3xtlnaxgmd

  • MD5

    48ad3d33412a88bebab851a354217c9a

  • SHA1

    3fb058952db67b84663edacb51057d3c0e532585

  • SHA256

    218824ecd6fe20e95ac7fa99e410664afe92576e40c40f55ea16ec53118f964f

  • SHA512

    4d6935792a8813694e3dcf4c6361b3b072e4cc02f0224a823134530ac266b7ac9617da5b3c0359584311b97255fc0e14bebf5836487ba3f68e2a95162b693c42

  • SSDEEP

    393216:t7d0n7G3tfaLMHRG7oODZgNLlKLDE4NDWp:t7d27G3tiYHRUZEKbNap

Score
10/10
smswormspynoteandroidcollectioncredential_accessdiscoveryevasionexecutionimpactpersistence

Malware Config

Extracted

Family

spynote

C2

people-climbing.gl.at.ply.gg:54251

Targets

    • Target

      Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk

    • Size

      12.8MB

    • MD5

      48ad3d33412a88bebab851a354217c9a

    • SHA1

      3fb058952db67b84663edacb51057d3c0e532585

    • SHA256

      218824ecd6fe20e95ac7fa99e410664afe92576e40c40f55ea16ec53118f964f

    • SHA512

      4d6935792a8813694e3dcf4c6361b3b072e4cc02f0224a823134530ac266b7ac9617da5b3c0359584311b97255fc0e14bebf5836487ba3f68e2a95162b693c42

    • SSDEEP

      393216:t7d0n7G3tfaLMHRG7oODZgNLlKLDE4NDWp:t7d27G3tiYHRUZEKbNap

    Score
    8/10
    collectioncredential_accessdiscoveryevasionexecutionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery
    behavioral1behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Process Discovery

1
T1424

System Information Discovery

3
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Input Injection

1
T1516

Tasks