General

  • Target

    ready.apk

  • Size

    8.5MB

  • Sample

    240711-nswg5avcqj

  • MD5

    46650feabbdb3df77e2d015bf603543e

  • SHA1

    01bb98d975c587dd1f16123caa98e72eeb0407b4

  • SHA256

    62da8865102bffa0ecd97ef4bd259b72f281af2674c7cc16db366e83f3627ab1

  • SHA512

    daeb5972d430d45d2549b7b71701eaaed5a147fd797845347dffd07209200a6c408aadffb823903f815ae6ca5a66b420df8f11f0ad3b18ab696ade0111addd9c

  • SSDEEP

    49152:TJ4AaOPb9QdkmqFVHWQRnNTHU/iLxbjWUS7MHTeLmznzdGG9QTOIZUBYqL0cgscs:PZ7NT0/iFi7MomznzByTu0tsh

Malware Config

Extracted

Family

spynote

C2

instruments-av.gl.at.ply.gg:49528

Targets

    • Target

      ready.apk

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
