General

  • Target

    ecffd24b74eac797eea22e1a658231b14d65ded39bfb1dd9998875d47eef7bc9.bin

  • Size

    750KB

  • Sample

    240712-1zdl4sscjq

  • MD5

    d5c424341ebf895a29bd402b3749a5bf

  • SHA1

    3188c817fc141ad91ebf089efca1556c33026569

  • SHA256

    ecffd24b74eac797eea22e1a658231b14d65ded39bfb1dd9998875d47eef7bc9

  • SHA512

    a060aadc178e01f506cc0d2d4be536f6a8b7c1ce680922e079e7135e15aa6613a16d6f8cbe54717be1b9b325dcdda54bcb0d6c6af9d8c6d044466bcc90272ae7

  • SSDEEP

    12288:N8xzyRa1a8LrenJLzQsq5WmpYshXZPbGwidNpgj:N8xzya1a2en5zQsq5WmD9idNpw

Malware Config

Extracted

Family

spynote

C2

0.tcp.ngrok.io:4447

Targets

    • Target

      ecffd24b74eac797eea22e1a658231b14d65ded39bfb1dd9998875d47eef7bc9.bin

    • Size

      750KB

    • MD5

      d5c424341ebf895a29bd402b3749a5bf

    • SHA1

      3188c817fc141ad91ebf089efca1556c33026569

    • SHA256

      ecffd24b74eac797eea22e1a658231b14d65ded39bfb1dd9998875d47eef7bc9

    • SHA512

      a060aadc178e01f506cc0d2d4be536f6a8b7c1ce680922e079e7135e15aa6613a16d6f8cbe54717be1b9b325dcdda54bcb0d6c6af9d8c6d044466bcc90272ae7

    • SSDEEP

      12288:N8xzyRa1a8LrenJLzQsq5WmpYshXZPbGwidNpgj:N8xzya1a2en5zQsq5WmD9idNpw

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks