General

  • Target: 695d4a6231b6ce4b345feaccba91db3508c0897beb0e7d1b9277b6f772339f7a.bin
  • Size: 760KB
  • Sample: 240710-11bh5ssfkj
  • MD5: 20f065250dd1ddcd62212605afbf042a
  • SHA1: 8103fde44cbcc9f3adc896d57413f8755b65f2c1
  • SHA256: 695d4a6231b6ce4b345feaccba91db3508c0897beb0e7d1b9277b6f772339f7a
  • SHA512: da6c82f912c7f3aa5d3ca353ceef39b183d6113cec241ea7e2dd883668b56922b26fa9423d7457ecc3bcc7915bc7de789602d38614f4d06445d17ab9cf45e43b
  • SSDEEP: 12288:QUOTi24a1a8LVeWPEvsW72B15WmpYshXZPbGwidNpglQk:QJTila1aKeW+sc2B15WmD9idNpiJ

Malware Config

Extracted

  • Family: spynote
  • C2: in1.localto.net:2000

Targets

    • Target: 695d4a6231b6ce4b345feaccba91db3508c0897beb0e7d1b9277b6f772339f7a.bin

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)
    • Makes use of the framework's foreground persistence service: the application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks