General
-
Target
ef7f2949cb42256a111de18a73f8cfd110790753b0115d7e3677ea717c99bd59.bin
-
Size
831KB
-
Sample
240712-1y7hsssbrk
-
MD5
4afe6811dd77415817e0072e4d224587
-
SHA1
59fd860b7f31e7b8475c704f6012ba1998940d9e
-
SHA256
ef7f2949cb42256a111de18a73f8cfd110790753b0115d7e3677ea717c99bd59
-
SHA512
d602f25fec007681771fa1fc9610ad880c282a6970146bbba3b558a946d468df4c9bbfa70d219c7874c93dd9a630522aeb9ad29fd0368741bb76e54afec5a1e0
-
SSDEEP
12288:wW6zDa1a8LreH3rlAJ1D5pP5WmpYshXZPbGwidNpgy:wpDa1a2eXhA75pP5WmD9idNpl
Behavioral task
behavioral1
Sample
ef7f2949cb42256a111de18a73f8cfd110790753b0115d7e3677ea717c99bd59.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
ef7f2949cb42256a111de18a73f8cfd110790753b0115d7e3677ea717c99bd59.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
ef7f2949cb42256a111de18a73f8cfd110790753b0115d7e3677ea717c99bd59.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
spynote
0.tcp.ngrok.io:18303
Targets
-
-
Target
ef7f2949cb42256a111de18a73f8cfd110790753b0115d7e3677ea717c99bd59.bin
-
Size
831KB
-
MD5
4afe6811dd77415817e0072e4d224587
-
SHA1
59fd860b7f31e7b8475c704f6012ba1998940d9e
-
SHA256
ef7f2949cb42256a111de18a73f8cfd110790753b0115d7e3677ea717c99bd59
-
SHA512
d602f25fec007681771fa1fc9610ad880c282a6970146bbba3b558a946d468df4c9bbfa70d219c7874c93dd9a630522aeb9ad29fd0368741bb76e54afec5a1e0
-
SSDEEP
12288:wW6zDa1a8LreH3rlAJ1D5pP5WmpYshXZPbGwidNpgy:wpDa1a2eXhA75pP5WmD9idNpl
-
Legitimate hosting services abused for malware hosting/C2
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-
Tries to add a device administrator.
-