General

  • Target: ready.apk
  • Size: 6.3MB
  • Sample: 240714-wp9jks1fnq
  • MD5: 5889f60c8bd7d908fa431ab59cc72942
  • SHA1: 80c916fc2c86ca20efac6e7db17faf76cb3e03ba
  • SHA256: 909d7c832f734e3ab267f31b1d2416c694e137d661c3b1fef8ce5d2a0d6f7b57
  • SHA512: bc28122894bdb49ceae5a06a6a44786e0fba792028c3c40d53a1129a5a79a6ed8a98f43cab84bf3ad4693a4b6cbe28216b2a15fafde58a7c6fd0ea7ac9aeefb1
  • SSDEEP: 98304:3Im16DEDPaNTkMFlE2XGxeci2QRLV5jDhN9cNGpFxLLTiYAsHwK:EEDC5jFNXGxe8mHPhN3p3WYnD

Malware Config

Extracted

Family: spynote
C2: serveronlineopenvpnpro254-63936.portmap.host:63936

Targets

    • Target: ready.apk

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.
