General

  • Target

    a01f58daca30283f2ec28870657d075a3cbf350a8b03af2e78d385d0fcc0772e.bin

  • Size

    829KB

  • Sample

    240712-1yeg1svanh

  • MD5

    89b271ee8edddbc3ab7dce655bcf53a9

  • SHA1

    eac4731a6e3a0a59e706484426b1e41dae9eac6c

  • SHA256

    a01f58daca30283f2ec28870657d075a3cbf350a8b03af2e78d385d0fcc0772e

  • SHA512

    d732439fac7d9d6944403e4d28da9582929e3cce14beec1e9533093fca2212360323a2dfcbdc64ef3010cc982652b57fab5fbac15d7530c65561fd41467e8b23

  • SSDEEP

    12288:jPSV2Ga1a8LzeqbYFHL5BDdI5McX5WmpYshXZPbGwidNpgc:jPpGa1ameqbYRL5lm5McX5WmD9idNpX

Malware Config

Extracted

Family

spynote

C2

192.168.1.10:4447

Targets

    • Target

      a01f58daca30283f2ec28870657d075a3cbf350a8b03af2e78d385d0fcc0772e.bin

    • Size

      829KB

    • MD5

      89b271ee8edddbc3ab7dce655bcf53a9

    • SHA1

      eac4731a6e3a0a59e706484426b1e41dae9eac6c

    • SHA256

      a01f58daca30283f2ec28870657d075a3cbf350a8b03af2e78d385d0fcc0772e

    • SHA512

      d732439fac7d9d6944403e4d28da9582929e3cce14beec1e9533093fca2212360323a2dfcbdc64ef3010cc982652b57fab5fbac15d7530c65561fd41467e8b23

    • SSDEEP

      12288:jPSV2Ga1a8LzeqbYFHL5BDdI5McX5WmpYshXZPbGwidNpgc:jPpGa1ameqbYRL5lm5McX5WmD9idNpX

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks