General

  • Target

    6cad4ee701f0cd82082824a3656cf74356300cb842186a03c0cc64c0dc8be1e7.bin

  • Size

    760KB

  • Sample

    240713-1ypyrayfnq

  • MD5

    0f6686bc81237ff114084bde3178feca

  • SHA1

    4de1ae1cb3fc6f8e37907e36febc22ff453ffc77

  • SHA256

    6cad4ee701f0cd82082824a3656cf74356300cb842186a03c0cc64c0dc8be1e7

  • SHA512

    2b263f1fce3b5f93e1f8ea30b647d9e8084e3c865acdcadb00cad0287726ee5fdf3d9edd512027ef45190ed64a2b67e8665e3b3ced80c4a0c9213716ab95776b

  • SSDEEP

    12288:Q5czMMxoJ6sgRsLzhpxY7S/cC5WmpYshXZPbGwidNpga:OczMvJ6sFLzhM7GcC5WmD9idNpF

Malware Config

Extracted

Family

spynote

C2

microsofttelerek.ddns.net:1177

Targets


    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15
