General

  • Target

    db46571f8fe20bf5bc2f1b48236ee7cf57b98d34e54e12c3fe5a97208e61c7f4.bin

  • Size

    760KB

  • Sample

    240715-1yg8xa1frp

  • MD5

    da246f2e4206e94c20455ea830653f9f

  • SHA1

    89f6d4c7c0bfe590427e7b645930c1786483ff06

  • SHA256

    db46571f8fe20bf5bc2f1b48236ee7cf57b98d34e54e12c3fe5a97208e61c7f4

  • SHA512

    9206fc82c75ef8d934223a56e43782ad976184c4c57f17cfee8936ca1510c820a194f143994b90180bc8312041fe4626ba36f86243d861ab2438acb295defe00

  • SSDEEP

    12288:lGkXSa1a8LVetCmG2YXN5WmpYshXZPbGwidNpgCv:lIa1aKet42YXN5WmD9idNp/

Malware Config

Extracted

  • Family

    spynote

  • C2

    trip-par.gl.at.ply.gg:59786

Targets

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks