General

  • Target

    ac9edf630240b47a55177c902f4c7ce65df2c677a1d2c64ff6e436d1fd6e1b1a.bin

  • Size

    760KB

  • Sample

    240710-115rzsvere

  • MD5

    32e12c1245996f3ba399e2c3f919d303

  • SHA1

    7d60d8dc25af50cffcc9074ece946421afc3d4e0

  • SHA256

    ac9edf630240b47a55177c902f4c7ce65df2c677a1d2c64ff6e436d1fd6e1b1a

  • SHA512

    fdb065b99a655cfab64a9c756ebe493d2928998dff8c0291285634e9787b1997a0723ebdb0e939de30a8a31b03b98ce5d609d1b7ce3c1c8a6512bde5d10a3823

  • SSDEEP

    12288:Ppx8MVa1a8LVefjgnGN7LLO5WmpYshXZPbGwidNpgMQ:Ppx8ya1aKefqGdLLO5WmD9idNpK

Malware Config

Extracted

Family

spynote

C2

21.ip.gl.ply.gg:5600

Targets

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks