General

  • Target

    af83ee59c8d0caaef22f6ec77bdb9b42ec6e465315e38984de4639900efcc96f.bin

  • Size

    743KB

  • Sample

    240714-1wmqlsxbne

  • MD5

    81ff8957b75556df3212b91aff060ae5

  • SHA1

    21d0a6437549399d772a8a6e79777ca5b95cdefa

  • SHA256

    af83ee59c8d0caaef22f6ec77bdb9b42ec6e465315e38984de4639900efcc96f

  • SHA512

    e0d15766f3cb8d36ebbce5df07dbacacc526984272a0b71cefbbe98aeec29ebec32f14485af6ed927d5c8d70f231b911bf2312e133fbd55df420a6d2515fb65e

  • SSDEEP

    12288:I8edsa1a8Lze7fSxINj5WmpYshXZPbGwidNpgC:Ijsa1ame76xINj5WmD9idNpF

Malware Config

Extracted

Family

spynote

C2

192.168.254.107:14051

Note that 192.168.254.107 lies in RFC 1918 private address space, so the configured C2 is only reachable on whatever local network the operator built the sample for; treat it as a configuration artifact of this build rather than an Internet-routable indicator.

Targets

    • Target

      af83ee59c8d0caaef22f6ec77bdb9b42ec6e465315e38984de4639900efcc96f.bin

    • Size

      743KB

    • MD5

      81ff8957b75556df3212b91aff060ae5

    • SHA1

      21d0a6437549399d772a8a6e79777ca5b95cdefa

    • SHA256

      af83ee59c8d0caaef22f6ec77bdb9b42ec6e465315e38984de4639900efcc96f

    • SHA512

      e0d15766f3cb8d36ebbce5df07dbacacc526984272a0b71cefbbe98aeec29ebec32f14485af6ed927d5c8d70f231b911bf2312e133fbd55df420a6d2515fb65e

    • SSDEEP

      12288:I8edsa1a8Lze7fSxINj5WmpYshXZPbGwidNpgC:Ijsa1ame76xINj5WmD9idNpF

    • Queries a list of all the installed applications on the device (may be used to pick legitimate apps to overlay)

    • Makes use of the framework's foreground persistence service

      The application may abuse a foreground service to keep running with a persistent notification and resist being killed by the system.

    • Requests that the user enable its accessibility service in the device settings.

    • Tries to add itself as a device administrator.
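
The four behaviours the sandbox flags above map onto concrete AndroidManifest.xml declarations, which is how a reviewer can confirm them statically before or instead of detonation. The following is an added example, not code from the sandbox or from this sample: it takes a manifest already decoded to plain XML (for instance by apktool; it does not parse binary AXML), reports which of the four indicators are declared, and classifies the extracted C2 endpoint. The sample manifests embedded in it are constructed for illustration and are not taken from this file.

```python
"""Static triage of a decoded AndroidManifest.xml for the behaviours a sandbox
flags on SpyNote-style samples, plus a sanity check on the extracted C2.

Added example; not the sandbox's or the sample's own code. Assumes the manifest
is plain XML (apktool output), not binary AXML. Sample manifests are constructed.
"""
import ipaddress
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _attr(elem, name):
    """Read an android:<name> attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def _has_action(component, action):
    """True if any <action> nested in the component's intent-filters matches."""
    return any(_attr(a, "name") == action for a in component.iter("action"))


def triage_manifest(xml_text):
    """Map manifest declarations onto the four sandbox signatures."""
    root = ET.fromstring(xml_text)
    perms = {_attr(p, "name") for p in root.findall("uses-permission")}
    app = root.find("application")
    services = app.findall("service") if app is not None else []
    receivers = app.findall("receiver") if app is not None else []

    # Accessibility abuse: a service bound with BIND_ACCESSIBILITY_SERVICE and
    # the AccessibilityService intent action.
    accessibility = any(
        _attr(s, "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
        and _has_action(s, "android.accessibilityservice.AccessibilityService")
        for s in services)
    # Device admin: a receiver bound with BIND_DEVICE_ADMIN handling DEVICE_ADMIN_ENABLED.
    device_admin = any(
        _attr(r, "permission") == "android.permission.BIND_DEVICE_ADMIN"
        and _has_action(r, "android.app.action.DEVICE_ADMIN_ENABLED")
        for r in receivers)
    # Installed-app enumeration on Android 11+ needs QUERY_ALL_PACKAGES or a
    # <queries> block; an intent query for MAIN exposes every launchable app.
    queries = root.find("queries")
    broad_query = queries is not None and any(
        _has_action(i, "android.intent.action.MAIN") for i in queries.findall("intent"))
    installed_apps = "android.permission.QUERY_ALL_PACKAGES" in perms or broad_query
    # Foreground persistence requires the FOREGROUND_SERVICE permission (API 28+).
    foreground = "android.permission.FOREGROUND_SERVICE" in perms

    return {
        "queries_installed_apps": installed_apps,
        "foreground_service": foreground,
        "accessibility_service": accessibility,
        "device_admin": device_admin,
    }


def classify_c2(endpoint):
    """Split host:port and say whether the host is Internet-routable."""
    host, _, port = endpoint.rpartition(":")
    ip = ipaddress.ip_address(host)
    return {"host": host, "port": int(port),
            "private": ip.is_private, "reachable_from_internet": ip.is_global}


# Constructed manifest showing all four indicators (hypothetical package name).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application android:label="Update">
    <service android:name=".A11y"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".Admin"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <service android:name=".Fg" android:foregroundServiceType="dataSync"/>
  </application>
</manifest>
"""

# Constructed benign manifest for contrast: none of the indicators.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.benign">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <activity android:name=".Main"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
    print(classify_c2("192.168.254.107:14051"))
```

Any single hit is common in legitimate apps (launchers query all packages, MDM agents are device admins); it is the combination of all four, together with a hard-coded socket C2, that matches the SpyNote profile the sandbox reports here.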

MITRE ATT&CK Mobile v15

Tasks