General

  • Target

    1cdb0dea0873f1728c61a86c772ca862058a1c99b5504922b0f444d86f85110c.bin

  • Size

    760KB

  • Sample

    240712-1zrtqssclm

  • MD5

    258e49e26836866fb6c2bfe25939a24a

  • SHA1

    4fa73a63d00a39da5451b3de02bf68a9b6c74e31

  • SHA256

    1cdb0dea0873f1728c61a86c772ca862058a1c99b5504922b0f444d86f85110c

  • SHA512

    89bb4db7c382fce79fa4fcb357fc418227e57adef8a9c5b3d5a8ef18e0d1a5016070223c16529343e3707bd4e0924bf6dc024d2709025183001feffb2e96c99f

  • SSDEEP

    12288:ChCla1a8LzeY4SnSM77rk5WmpYshXZPbGwidNpg1:CYla1ameYLSG7rk5WmD9idNpC

Malware Config

Extracted

Family

spynote

C2

147.185.221.21:6568

Targets

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15