General

  • Target

    client.apk

  • Size

    37.3MB

  • Sample

    240716-f387zazcle

  • MD5

    edfa57a0ae1c06231dd143d4fe2a9189

  • SHA1

    28bfd6d8875da0312323e9ea87388cb3a91b6575

  • SHA256

    27f1f8cc100a1ba695fde052046686f5e79ff007fbfae8aa4ef1d31e2805eea7

  • SHA512

    04bcdbf4d5fe90079b987964a5a27cd8feec3378b1810796b3a78594188e1108a6934e74637f801ef4dbe9bc0d3047832c32db1ebe38dd36ab7ff1a209b73de5

  • SSDEEP

    786432:eU4NtTbQyAd35vJwk2JYY5GbkTqXCxOEw2douRa76YEWjG23lVGHPzhK5i9q:CBQ7JvJP2GgGY+OOEwRDDEWCulc4/

Malware Config

Extracted

Family

spynote

C2

connection-arizona.gl.at.ply.gg:65211

Targets

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks