General

  • Target

    2b7c0c172d56808966127f0052b8ad39d64f14c860690f13e83122c7f1a7ca70.bin

  • Size

    760KB

  • Sample

    240710-11dnhavema

  • MD5

    d4b063c860fe316ce49f9514e26911d5

  • SHA1

    3fb93f43e3b3c3e7c26c24c529691b26e51ff8e3

  • SHA256

    2b7c0c172d56808966127f0052b8ad39d64f14c860690f13e83122c7f1a7ca70

  • SHA512

    38fe61b7338f766350b06a40988932738704047d21b360aca06f2ea1d30ebafabc93a8a423a944afd889a9a0b9e9ed24393f6fe83e394a5963f785b0fb3e4330

  • SSDEEP

    12288:WtUroa1a8LVeNRdkfk7YAO5WmpYshXZPbGwidNpgO:WGMa1aKeN8fuYAO5WmD9idNpl

Malware Config

Extracted

Family

spynote

C2

es1.localto.net:3839

Targets

    • Target

      2b7c0c172d56808966127f0052b8ad39d64f14c860690f13e83122c7f1a7ca70.bin

    • Queries a list of all the installed applications on the device (may be used to select legitimate apps to overlay with fake screens)

    • Makes use of the framework's foreground persistence service

      The application may abuse Android's foreground-service mechanism (a service started with startForeground and tied to a persistent notification) to keep running and avoid being killed by the system while the app is in the background.

MITRE ATT&CK Mobile v15
