General

  • Target

    2bd0ef79a9869ab1e15b2840751a91df71c65adb859c1a120c31cd44c7694a3b.bin

  • Size

    889KB

  • Sample

    240714-1yccnaxcjd

  • MD5

    be63cbb6e56c74e7cb739d8964d841c2

  • SHA1

    ff1bae5c7636e02fd0befdf225601c68af11bb4b

  • SHA256

    2bd0ef79a9869ab1e15b2840751a91df71c65adb859c1a120c31cd44c7694a3b

  • SHA512

    d03781c3528437e97d162e056a14d39ef6bc2a12366af940290db52fa7e2912b1a000d848f753789302bfa60f151a9342c6f7f3ad906e225e19e1bc89d8b9fc5

  • SSDEEP

    12288:wepE9a1a8LVe5b8lHvQ/LM3GO5wP5WmpYshXZPbGwidNpgKU:BE9a1aKe5b8NvEw2O5wP5WmD9idNprU

Malware Config

Extracted

Family

spynote

C2

0.tcp.ngrok.io:14051

Targets

    • Target

      2bd0ef79a9869ab1e15b2840751a91df71c65adb859c1a120c31cd44c7694a3b.bin

    • Size

      889KB

    • MD5

      be63cbb6e56c74e7cb739d8964d841c2

    • SHA1

      ff1bae5c7636e02fd0befdf225601c68af11bb4b

    • SHA256

      2bd0ef79a9869ab1e15b2840751a91df71c65adb859c1a120c31cd44c7694a3b

    • SHA512

      d03781c3528437e97d162e056a14d39ef6bc2a12366af940290db52fa7e2912b1a000d848f753789302bfa60f151a9342c6f7f3ad906e225e19e1bc89d8b9fc5

    • SSDEEP

      12288:wepE9a1a8LVe5b8lHvQ/LM3GO5wP5WmpYshXZPbGwidNpgKU:BE9a1aKe5b8NvEw2O5wP5WmD9idNprU

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks