General

  • Target

    bbef3529bb77b70c30b23eb9a0188f998f7c8fa70adf1592c0ea1e154a7fe5f7.bin

  • Size

    829KB

  • Sample

    240712-1yc9yssbmq

  • MD5

    ebd2fed3add6ca06818ffbc9908355d7

  • SHA1

    800820f91e1a93af0a782d61a30e549e3c466fab

  • SHA256

    bbef3529bb77b70c30b23eb9a0188f998f7c8fa70adf1592c0ea1e154a7fe5f7

  • SHA512

    7d42c625eaa3ea4884f280c385d6fc3da8c69453f79b38df858b7116c52f02930959418580805ccab1f3ba8703e2d65d0121c5bdd37b5d2f54ae50a7fcd91ce2

  • SSDEEP

    24576:lSxJ6sjLzBba7gUlm5Nds5WmD9idNphh7f:QxJ6spaE78Wk0d/hJf

Malware Config

Extracted

Family

spynote

C2

192.168.1.10:4447

Targets

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests that the accessibility settings be enabled.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks