General

  • Target

    ef7f2949cb42256a111de18a73f8cfd110790753b0115d7e3677ea717c99bd59.bin

  • Size

    831KB

  • Sample

    240712-1y7hsssbrk

  • MD5

    4afe6811dd77415817e0072e4d224587

  • SHA1

    59fd860b7f31e7b8475c704f6012ba1998940d9e

  • SHA256

    ef7f2949cb42256a111de18a73f8cfd110790753b0115d7e3677ea717c99bd59

  • SHA512

    d602f25fec007681771fa1fc9610ad880c282a6970146bbba3b558a946d468df4c9bbfa70d219c7874c93dd9a630522aeb9ad29fd0368741bb76e54afec5a1e0

  • SSDEEP

    12288:wW6zDa1a8LreH3rlAJ1D5pP5WmpYshXZPbGwidNpgy:wpDa1a2eXhA75pP5WmD9idNpl

Malware Config

Extracted

Family

spynote

C2

0.tcp.ngrok.io:18303

Targets

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Legitimate hosting services abused for malware hosting/C2

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.
