General

  • Target

    3923c7186995634e31aa5014d565e0d1d785aa1a6524aeca0ff62849b2bf879f.bin

  • Size

    760KB

  • Sample

    240716-1ya5lavfkd

  • MD5

    d681a933d145e2dad7ec77ce4a60d6f9

  • SHA1

    c1643bce09433d101f76d3e370cf89445ff216df

  • SHA256

    3923c7186995634e31aa5014d565e0d1d785aa1a6524aeca0ff62849b2bf879f

  • SHA512

    9e9fcd66b45e86084220b5cc10b71501f0f6a7e24f1649a80a95c992fea86cd2170034ece7324164a5f8ac27f34d4c60c0dc8d5ffac0572ba7d9a1139982e090

  • SSDEEP

    12288:HHxf2a1a8LVecfjebGIfr5WmpYshXZPbGwidNpgWaT:nca1aKecMGIfr5WmD9idNpY

Malware Config

Extracted

Family

spynote

C2

prev-labels.gl.at.ply.gg:7691
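The C2 above is a hostname under ply.gg, the domain used by the playit.gg tunnelling service, so the operator is reaching the SpyNote (an Android RAT) listener through a rented tunnel rather than a directly exposed IP. The exact host:port is the strong indicator; a match on the wider ply.gg zone only says "some playit.gg tunnel" and should be scored lower. The following is an added example, not part of the original report, that applies that two-tier match to constructed DNS and proxy log lines; the log format (`timestamp client kind value`) and the sample lines are assumptions.

```python
"""Match the SpyNote C2 indicator from the report against log lines.

Added example; the log format and sample lines below are constructed, not
taken from the sandbox report or from any real telemetry.
"""
import re

# Indicator copied from the report's "Malware Config" section.
C2_HOST = "prev-labels.gl.at.ply.gg"
C2_PORT = 7691
# Parent zone: ply.gg belongs to the playit.gg tunnel service, so a zone-wide
# match is a weaker signal than the exact host:port and is scored "medium".
C2_ZONE = "ply.gg"

# Assumed log format: "<timestamp> <client> <dns|conn> <value>" where a dns
# record carries the queried name and a conn record carries "host:port"
# (as a proxy or SNI-aware firewall would log it).
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<kind>dns|conn)\s+(?P<value>\S+)$")

# Constructed sample lines (not real data).
SAMPLE_LOGS = """\
2024-07-16T19:01:02Z 10.0.0.12 dns prev-labels.gl.at.ply.gg
2024-07-16T19:01:03Z 10.0.0.12 conn prev-labels.gl.at.ply.gg:7691
2024-07-16T19:02:10Z 10.0.0.15 dns example.com
2024-07-16T19:03:44Z 10.0.0.19 dns other-tunnel.gl.at.ply.gg
2024-07-16T19:04:00Z 10.0.0.19 conn prev-labels.gl.at.ply.gg:443
this line is not in the expected format and must be skipped
"""


def _in_zone(host):
    """True for the zone apex and any label beneath it."""
    return host == C2_ZONE or host.endswith("." + C2_ZONE)


def classify(line):
    """Return (severity, reason) for one log line, or None if it is clean.

    Lines that do not match the assumed format are ignored rather than
    raising, so one malformed record cannot abort a scan.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, value = m["kind"], m["value"].lower()

    if kind == "dns":
        host = value.rstrip(".")  # tolerate FQDN trailing dot
        if host == C2_HOST:
            return ("high", f"DNS lookup of SpyNote C2 host {host}")
        if _in_zone(host):
            return ("medium", f"DNS lookup of playit.gg tunnel host {host}")
        return None

    # kind == "conn": value is host:port; rpartition keeps IPv6-style hosts intact
    host, _, port = value.rpartition(":")
    host = host.rstrip(".")
    if host == C2_HOST and port == str(C2_PORT):
        return ("high", f"connection to SpyNote C2 {host}:{port}")
    if host == C2_HOST:
        return ("medium", f"connection to C2 host {host} on unexpected port {port}")
    if _in_zone(host):
        return ("medium", f"connection to playit.gg tunnel host {host}:{port}")
    return None


def scan(text):
    """Scan newline-separated log text; return [(line_no, severity, reason)]."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        verdict = classify(line)
        if verdict:
            hits.append((line_no, verdict[0], verdict[1]))
    return hits


if __name__ == "__main__":
    for line_no, severity, reason in scan(SAMPLE_LOGS):
        print(f"line {line_no}: [{severity}] {reason}")
```

Before blocking on the zone-level match, remember that every playit.gg user shares the ply.gg parent domain; the actionable block is the full hostname and port from the report.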

Targets

    • Target

      3923c7186995634e31aa5014d565e0d1d785aa1a6524aeca0ff62849b2bf879f.bin

    • Queries the list of all installed applications on the device (may be used to choose legitimate apps to overlay).

    • Uses the framework's foreground service for persistence.

      The application may abuse Android's foreground service mechanism to keep running and avoid being killed by the system.

    • Requests that the user enable its accessibility service.

    • Tries to add itself as a device administrator.
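The four behaviours above are runtime observations from the sandbox, but each one has a static footprint in the APK manifest that can be checked before detonation: the QUERY_ALL_PACKAGES permission for package enumeration (required only on Android 11+, so its absence does not clear the behaviour on older targets), the FOREGROUND_SERVICE permission or a `foregroundServiceType` on a service, a service protected by BIND_ACCESSIBILITY_SERVICE, and a receiver protected by BIND_DEVICE_ADMIN. The following is an added example, not the sandbox's own signature logic, that runs those checks over a constructed decoded manifest (what apktool or androguard would emit); it assumes the sample is an APK, which the report implies through its Android signatures but does not state, since the file is only labelled .bin.

```python
"""Static triage of an Android manifest for the behaviours the report lists.

Added example. The manifest below is constructed to exercise every check and
is not the real sample's manifest.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # prefix for android:-namespaced attributes

# Constructed decoded manifest (assumption: shape of apktool/androguard output).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.update">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <application android:label="System Update">
    <service android:name=".KeepAlive" android:foregroundServiceType="dataSync"/>
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Permission / binding constants as they appear in a manifest.
PERM_QUERY_ALL = "android.permission.QUERY_ALL_PACKAGES"
PERM_FGS = "android.permission.FOREGROUND_SERVICE"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
BIND_ADMIN = "android.permission.BIND_DEVICE_ADMIN"


def triage_manifest(xml_text):
    """Return a list of human-readable findings mirroring the report's signatures.

    Order is stable: package enumeration, foreground service, accessibility
    service(s), device-admin receiver(s). An empty list means none of the four
    static footprints is present, not that the app is benign.
    """
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    findings = []

    if PERM_QUERY_ALL in perms:
        findings.append("queries installed applications (QUERY_ALL_PACKAGES)")

    # Either the permission or a typed foreground service marks the capability.
    fgs_services = [s.get(A + "name") for s in root.iter("service")
                    if s.get(A + "foregroundServiceType")]
    if PERM_FGS in perms or fgs_services:
        findings.append("foreground service persistence: "
                        + (", ".join(fgs_services) or "permission only"))

    for svc in root.iter("service"):
        if svc.get(A + "permission") == BIND_A11Y:
            findings.append(f"accessibility service: {svc.get(A + 'name')}")

    for rcv in root.iter("receiver"):
        if rcv.get(A + "permission") == BIND_ADMIN:
            findings.append(f"device admin receiver: {rcv.get(A + 'name')}")

    return findings


def looks_like_spynote_profile(findings):
    """True when accessibility abuse and device-admin are both present, the
    combination the report's signatures describe for this sample."""
    has_a11y = any(f.startswith("accessibility service") for f in findings)
    has_admin = any(f.startswith("device admin receiver") for f in findings)
    return has_a11y and has_admin


if __name__ == "__main__":
    result = triage_manifest(SAMPLE_MANIFEST)
    for f in result:
        print("-", f)
    print("spynote-like profile:", looks_like_spynote_profile(result))
```

The manifest shows capability, not use: an app can declare an accessibility service and never prompt for it, and an app targeting an SDK below 30 can enumerate packages without QUERY_ALL_PACKAGES. Treat these checks as a pre-filter and rely on the sandbox's runtime observations, such as the ones listed above, for the final call.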

MITRE ATT&CK Mobile v15

Tasks