General

  • Target

    client.apk

  • Size

    760KB

  • Sample

    240719-p6hc4asckr

  • MD5

    418a018db471fd0f8b63ef08062d5722

  • SHA1

    d359d0a37c86c34a1ad74e1a95f96714781b3018

  • SHA256

    0a88e970e42d4bddedb15a0e5de10ad2f55093bc9bca6e87913c433762abf7bf

  • SHA512

    323f309e730c636608d35c8fb98c55230b775a4fa17d2c6521f3b060873054f44df64e9e9d8476820965c6411462bb71760005f38d7cc57a864e5521c9dfa59f

  • SSDEEP

    12288:tK9tEN1a1a8LdeE0DU59V15WmpYshXZPbGwidNpgu/:tqtSa1a6eEX59V15WmD9idNpf

Malware Config

Extracted

Family

spynote

C2

research-personalized.gl.at.ply.gg:21196

Targets

    • Target

      client.apk

    • Size

      760KB

    • MD5

      418a018db471fd0f8b63ef08062d5722

    • SHA1

      d359d0a37c86c34a1ad74e1a95f96714781b3018

    • SHA256

      0a88e970e42d4bddedb15a0e5de10ad2f55093bc9bca6e87913c433762abf7bf

    • SHA512

      323f309e730c636608d35c8fb98c55230b775a4fa17d2c6521f3b060873054f44df64e9e9d8476820965c6411462bb71760005f38d7cc57a864e5521c9dfa59f

    • SSDEEP

      12288:tK9tEN1a1a8LdeE0DU59V15WmpYshXZPbGwidNpgu/:tqtSa1a6eEX59V15WmD9idNpf

    • Removes its main activity from the application launcher

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks