General

  • Target

    6d73a4cea0bcfa12decb224f7d422c7828240a9f56bb46180289f779b5a7d780.bin

  • Size

    778KB

  • Sample

    240712-1xkmmssbjq

  • MD5

    c39640f3d98ec73f45ae1af38cc421ed

  • SHA1

    fdd96660c8a3d09ec7684b472efb36f1b88d8869

  • SHA256

    6d73a4cea0bcfa12decb224f7d422c7828240a9f56bb46180289f779b5a7d780

  • SHA512

    013a6e84111314e00938154d5cfa307e001b98afc27f34a62192ace1ff07ed8a47104107832b382722eb4817eac4d8a39ae40166e0ccde325ea18e1db7d713d9

  • SSDEEP

    12288:n+HYZa1a8LVecLGDcjj7b8x5WmpYshXZPbGwidNpg2:+HOa1aKec1jj7b8x5WmD9idNpl

Malware Config

Extracted

Family

spynote

C2

vitorkm-44070.portmap.host:44070

Targets

    • Target

      6d73a4cea0bcfa12decb224f7d422c7828240a9f56bb46180289f779b5a7d780.bin

    • Size

      778KB

    • MD5

      c39640f3d98ec73f45ae1af38cc421ed

    • SHA1

      fdd96660c8a3d09ec7684b472efb36f1b88d8869

    • SHA256

      6d73a4cea0bcfa12decb224f7d422c7828240a9f56bb46180289f779b5a7d780

    • SHA512

      013a6e84111314e00938154d5cfa307e001b98afc27f34a62192ace1ff07ed8a47104107832b382722eb4817eac4d8a39ae40166e0ccde325ea18e1db7d713d9

    • SSDEEP

      12288:n+HYZa1a8LVecLGDcjj7b8x5WmpYshXZPbGwidNpg2:+HOa1aKec1jj7b8x5WmD9idNpl

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

MITRE ATT&CK Mobile v15

Tasks