General

  • Target

    fcf867d4636281f5913bff30ad81d0eb1ad145032d6b35d6a98b11fb892d976f.bin

  • Size

    743KB

  • Sample

    240714-1wnmxaxbng

  • MD5

    96d3091e0ea73dd7e672b6dd83cd16c3

  • SHA1

    e09554fa6a89e4875d876ca4f89a05ce63a40350

  • SHA256

    fcf867d4636281f5913bff30ad81d0eb1ad145032d6b35d6a98b11fb892d976f

  • SHA512

    c12185a937a815be3c15c4637a014d2bf5afadacca272afa875c00c7edf81595f2f75a5d7ad2c9d0c853550f9b7e5b2b2554e0b6782facef40b826a546c8143c

  • SSDEEP

    12288:BjRrehvia1a8LdeXD+OAjC5WmpYshXZPbGwidNpgN:dRreQa1a6eXyOAjC5WmD9idNp6

Malware Config

Extracted

Family

spynote

C2

0.tcp.ngrok.io:14051

Targets

    • Target

      fcf867d4636281f5913bff30ad81d0eb1ad145032d6b35d6a98b11fb892d976f.bin

    • Size

      743KB

    • MD5

      96d3091e0ea73dd7e672b6dd83cd16c3

    • SHA1

      e09554fa6a89e4875d876ca4f89a05ce63a40350

    • SHA256

      fcf867d4636281f5913bff30ad81d0eb1ad145032d6b35d6a98b11fb892d976f

    • SHA512

      c12185a937a815be3c15c4637a014d2bf5afadacca272afa875c00c7edf81595f2f75a5d7ad2c9d0c853550f9b7e5b2b2554e0b6782facef40b826a546c8143c

    • SSDEEP

      12288:BjRrehvia1a8LdeXD+OAjC5WmpYshXZPbGwidNpgN:dRreQa1a6eXyOAjC5WmD9idNp6

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks