General

  • Target

    client.apk

  • Size

    760KB

  • Sample

    240716-r9ms4a1bma

  • MD5

    e0db37552db6ed9d6f371071cdd09288

  • SHA1

    0e1b779459cbd8080fdafdb7e87ffa159227117c

  • SHA256

    ee23ef15a2c5a9500562b7cab0365239c80216fa7b9e30050355003f0365007b

  • SHA512

    305f80ad5e82b081c45a21e66fc1eccaf659a842a6c66ba635ab3b19812f6ede886bbdc9569ea1d479440fcd3b1a696fc6018fb1eec20074ae53169507f4d0bc

  • SSDEEP

    12288:UGnoSva1a8LzeuZUm2kjb5WmpYshXZPbGwidNpgDi:UGnRa1ameuF2kjb5WmD9idNpQi

Malware Config

Extracted

Family

spynote

C2

data-dakota.gl.at.ply.gg:2094

Targets

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.
