General

  • Target

    4b8e70ab123a2707f1d2fc97e44da0644f93ec4925495d85232db24938055101.bin

  • Size

    760KB

  • Sample

    240718-11ewkasanh

  • MD5

    a83669ee7dceca253ee4f371c9d2143e

  • SHA1

    dd787fc5c0a5cb33a3d4a31450db5fb3e02bfc26

  • SHA256

    4b8e70ab123a2707f1d2fc97e44da0644f93ec4925495d85232db24938055101

  • SHA512

    659f198b63ecd9e8994d8a9534d7e21d3a499bf41a6398a00756e0b539f7a9c2881b4c613015b13fa42a23a8ba20e2947a5551a7a8d8524d2db897a1d14d4b23

  • SSDEEP

    12288:1ma6fa1a8LdejBnqxX6g5WmpYshXZPbGwidNpgIb:1Ma1a6ejAxX6g5WmD9idNpL

Malware Config (Extracted)

  • Family

    spynote

  • C2

    0.tcp.ngrok.io:14051

Targets

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Legitimate hosting services abused for malware hosting/C2

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.
