General

  • Target

    3553f10ff69061cb82ba7a96418b52d568d7211a3b6f2716fed490e8c1a7bdba.bin

  • Size

    788KB

  • Sample

    240711-1wvffswcmm

  • MD5

    f6b54b906e2ad8a51d110832ea9df230

  • SHA1

    2bf62cc5a652decf468d3c84cd9c00442d97b32e

  • SHA256

    3553f10ff69061cb82ba7a96418b52d568d7211a3b6f2716fed490e8c1a7bdba

  • SHA512

    ecd6654aeab0af0fb0c8c6dd225fb675933c510f6315781ac20b99c601559e2aa27cba0fddec305bd7b1e64d44858948e4cd207a5577b0711ee1831c4c882519

  • SSDEEP

    12288:smJThBZRvS0qIk2F/R+f8HEzIS5WmpYshXZPbGwidNpg2A:hJThBZRrqqFp+zzIS5WmD9idNpLA

Malware Config

Extracted

Family

spynote

C2

aabbooaa12.ddns.net:1142

Targets

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.