General
-
Target
4b8e70ab123a2707f1d2fc97e44da0644f93ec4925495d85232db24938055101.bin
-
Size
760KB
-
Sample
240718-11ewkasanh
-
MD5
a83669ee7dceca253ee4f371c9d2143e
-
SHA1
dd787fc5c0a5cb33a3d4a31450db5fb3e02bfc26
-
SHA256
4b8e70ab123a2707f1d2fc97e44da0644f93ec4925495d85232db24938055101
-
SHA512
659f198b63ecd9e8994d8a9534d7e21d3a499bf41a6398a00756e0b539f7a9c2881b4c613015b13fa42a23a8ba20e2947a5551a7a8d8524d2db897a1d14d4b23
-
SSDEEP
12288:1ma6fa1a8LdejBnqxX6g5WmpYshXZPbGwidNpgIb:1Ma1a6ejAxX6g5WmD9idNpL
Behavioral task
behavioral1
Sample
4b8e70ab123a2707f1d2fc97e44da0644f93ec4925495d85232db24938055101.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
4b8e70ab123a2707f1d2fc97e44da0644f93ec4925495d85232db24938055101.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
4b8e70ab123a2707f1d2fc97e44da0644f93ec4925495d85232db24938055101.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
spynote
0.tcp.ngrok.io:14051
Targets
-
-
Target
4b8e70ab123a2707f1d2fc97e44da0644f93ec4925495d85232db24938055101.bin
-
Score
7/10
-
Legitimate hosting services abused for malware hosting/C2
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-