spynote | temp[.]apk

General

Target

temp.apk
Size

1.9MB
MD5

c082c76535ff78447e0f04d690b3b39c
SHA1

fdadbd8f33515c2e6574f3452b8bca4a2d729852
SHA256

0126bc37881a4e9c1a09977e7725d48612b4ad61db03c9769373a63ced166e55
SHA512

d14df8e7af2d6170eaff2f37bf6142e11382ec83f5bd525c0c00d1ac8d5e9ef6bed588e53b6c8aae23fb6b9a62451eb8b4a146448a43a28ddbc21627bc0be00b
SSDEEP

12288:EiJAXtHh4/IRWX4sZN9FPrdW3Mbo8GEvQ1k+SQZn8:ETXtHmIRGfRr9o88k+Sq8

Score

10^/10

spynote

Malware Config

Extracted

Family

spynote

C2

sitedesenho.ddns.net:7771

Extracted

Family

spynote

C2

sitedesenho.ddns.net:7771

Signatures

Spynote family
spynote

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards).	android.permission.BIND_INPUT_METHOD

Requests dangerous framework permissions 6 IoCs

description	ioc
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES

Files

temp.apk
.apk android

Password: bratsrat

roman.landscape.template

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.whvtofkknzchzqsemgqjtztxkfwyyjmtxbovrzoefdrwnqqxmw20

Activities

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.whvtofkknzchzqsemgqjtztxkfwyyjmtxbovrzoefdrwnqqxmw20

android.intent.action.VIEW

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.imbzuudlxmijbmwdowvbhkkuuwdhlsvvhenkfmcgvpzvhnuaci14_CA

xyz

Permissions

android.permission.SEND_SMS
android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.BACKGROUND_ACTIVITY_STARTER
android.permission.RECEIVE_BOOT_COMPLETED
oppo.permission.OPPO_COMPONENT_SAFE
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT

Receivers

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.cttsxwieviytffzxzflqhinbtojbkeotxwhboajxvuqjgoccca5.SRuxbmmguptjyiisyiwgcffxntkehwobylxujvlrqcumymbjqdlo74B

RestartSensor

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.cttsxwieviytffzxzflqhinbtojbkeotxwhboajxvuqjgoccca5.uxbmmguptjyiisyiwgcffxntkehwobylxujvlrqcumymbjqdlo7

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.USER_PRESENT
android.intent.action.LOCKED_BOOT_COMPLETED

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.cttsxwieviytffzxzflqhinbtojbkeotxwhboajxvuqjgoccca5.imbzuudlxmijbmwdowvbhkkuuwdhlsvvhenkfmcgvpzvhnuaci14_RC

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_CHANGED

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.cttsxwieviytffzxzflqhinbtojbkeotxwhboajxvuqjgoccca5.uxbmmguptjyiisyiwgcffxntkehwobylxujvlrqcumymbjqdlo74

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.Intent.ACTION_USER_PRESENT
android.intent.action.USER_PRESENT

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.uvejichyfqeeishnbatokxdhumcaqsucfmqvystziktgyxjeog33

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.cttsxwieviytffzxzflqhinbtojbkeotxwhboajxvuqjgoccca5.uxbmmguptjyiisyiwgcffxntkehwobylxujvlrqcumymbjqdlo7_AR

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.ACTION_PASSWORD_CHANGED
android.app.action.ACTION_PASSWORD_FAILED
android.app.action.ACTION_PASSWORD_SUCCEEDED

Services

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.aowqzcyqfdkagjddtviokdldhljduqldueprbqgjlaabiyiczk3.uxbmmguptjyiisyiwgcffxntkehwobylxujvlrqcumymbjqdlo72

android.accessibilityservice.AccessibilityService

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.aowqzcyqfdkagjddtviokdldhljduqldueprbqgjlaabiyiczk3.Sbrjsygkoysfevzlwewubdanjhoilabhgwiutjatwhorbiadkmd6IME

android.view.InputMethod

Android Permissions

temp.apk

Permissions

android.permission.SEND_SMS

android.permission.DISABLE_KEYGUARD

android.permission.FOREGROUND_SERVICE

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.BACKGROUND_ACTIVITY_STARTER

android.permission.RECEIVE_BOOT_COMPLETED

oppo.permission.OPPO_COMPONENT_SAFE

android.permission.INTERNET

android.permission.SYSTEM_ALERT_WINDOW

android.permission.READ_PHONE_STATE

android.permission.WAKE_LOCK

com.android.alarm.permission.SET_ALARM

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

com.android.launcher.permission.INSTALL_SHORTCUT

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.REQUEST_DELETE_PACKAGES

android.permission.USE_FULL_SCREEN_INTENT

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

Password: bratsrat

roman.landscape.template

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.whvtofkknzchzqsemgqjtztxkfwyyjmtxbovrzoefdrwnqqxmw20

Activities

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.whvtofkknzchzqsemgqjtztxkfwyyjmtxbovrzoefdrwnqqxmw20

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.imbzuudlxmijbmwdowvbhkkuuwdhlsvvhenkfmcgvpzvhnuaci14_CA

Permissions

Receivers

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.cttsxwieviytffzxzflqhinbtojbkeotxwhboajxvuqjgoccca5.SRuxbmmguptjyiisyiwgcffxntkehwobylxujvlrqcumymbjqdlo74B

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.cttsxwieviytffzxzflqhinbtojbkeotxwhboajxvuqjgoccca5.uxbmmguptjyiisyiwgcffxntkehwobylxujvlrqcumymbjqdlo7

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.cttsxwieviytffzxzflqhinbtojbkeotxwhboajxvuqjgoccca5.imbzuudlxmijbmwdowvbhkkuuwdhlsvvhenkfmcgvpzvhnuaci14_RC

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.cttsxwieviytffzxzflqhinbtojbkeotxwhboajxvuqjgoccca5.uxbmmguptjyiisyiwgcffxntkehwobylxujvlrqcumymbjqdlo74

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.uvejichyfqeeishnbatokxdhumcaqsucfmqvystziktgyxjeog33

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.cttsxwieviytffzxzflqhinbtojbkeotxwhboajxvuqjgoccca5.uxbmmguptjyiisyiwgcffxntkehwobylxujvlrqcumymbjqdlo7_AR

Services

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.aowqzcyqfdkagjddtviokdldhljduqldueprbqgjlaabiyiczk3.uxbmmguptjyiisyiwgcffxntkehwobylxujvlrqcumymbjqdlo72

roman.landscape.axlnreqembqnolgqjmzefmbkdzvzjadmatsbxbjuhfaewswwdt2.aowqzcyqfdkagjddtviokdldhljduqldueprbqgjlaabiyiczk3.Sbrjsygkoysfevzlwewubdanjhoilabhgwiutjatwhorbiadkmd6IME

Android Permissions

temp.apk