General

  • Target

    3c3913967021af4c383ec1248630ba3599283e59b9f382fff9ec725e7f9b14ee.bin

  • Size

    760KB

  • Sample

    240710-11cq7ssfkl

  • MD5

    d55f8792abdee3546ca8a4f3ed332dad

  • SHA1

    e1a14c1ecbadfc5ce4c6c73d581cbecfa9be71cf

  • SHA256

    3c3913967021af4c383ec1248630ba3599283e59b9f382fff9ec725e7f9b14ee

  • SHA512

    f45262e955a4cedf1d6bf551fe2336f05605a05ff18ce7f2de144175ad7bd797b93910021a66d08a962f9d8e2aec0311e52dc7ca1ae6ee9ff314bd676a5309c7

  • SSDEEP

    12288:D8oBa1a8LreBdN+b27goe5WmpYshXZPbGwidNpgw:DJa1a2eBOb8goe5WmD9idNpv

Malware Config

Extracted

  • Family

    spynote

  • C2

    es1.localto.net:3839:3839

Targets

    • Target

      3c3913967021af4c383ec1248630ba3599283e59b9f382fff9ec725e7f9b14ee.bin

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.
