General

  • Target: 46a59e8d78ead77864d0db791814e32a7299bf3aabe04f23017483f4621333b4.bin

  • Size: 743KB

  • Sample: 240715-1zlbystgqg

  • MD5: c585d477490df07ca48677435ea86e64

  • SHA1: de36164f6860e15ca0c3837374d141e3283bdc99

  • SHA256: 46a59e8d78ead77864d0db791814e32a7299bf3aabe04f23017483f4621333b4

  • SHA512: 2b1138ce14b42324a18688fa8734c5ccb4d5ce45233ebc47d70a55848ea497898f5367522cfbabb7bc6619834f93d802f9be2ee4a87388f930a9d75c34703edc

  • SSDEEP: 12288:3tgJfJ6sgR8LzhLpWRbU5WmpYshXZPbGwidNpgu:3AJ6s1LzhNWRbU5WmD9idNpF

Malware Config (extracted)

  • Family: spynote

  • C2: Ruzel-45921.portmap.host:45921

Targets

    • Target: 46a59e8d78ead77864d0db791814e32a7299bf3aabe04f23017483f4621333b4.bin

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests that the accessibility settings be enabled.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks