General

  • Target

    5a6e73f49b3b2fe89cf1b213504bc8caa26e37b2380accb4ffb6258baaf3ab46.apk

  • Size

    4.7MB

  • MD5

    0eb4509f2f385d18149b1782e53918a2

  • SHA1

    9f4cf6dce180e78b6e75b00aae1db21ec47e31f8

  • SHA256

    5a6e73f49b3b2fe89cf1b213504bc8caa26e37b2380accb4ffb6258baaf3ab46

  • SHA512

    3a80b8f79f3d5e1da3ec99e1871da989c178586b661ac725b58437b58ddf16d45deef1ff8db475108bc8c2a8871981a2c14a8d0388a4931e59c972eea6574d53

  • SSDEEP

    98304:UcS4ajm+O65eSB4y9IU66P9eLCI7ZVB04fKHfEVRYzJmY33jkbiR7l0UkqB0:bS4R+Z6y9IkP9eLF7Zb0SKHfEV2FmYH+

Score
10/10

Malware Config

Extracted

Family

spynote

C2

20.215.240.66:7773

Signatures

  • Spynote family
  • Attempts to obfuscate APK file format

    Applies obfuscation techniques to the APK format in order to hinder analysis

  • Declares broadcast receivers with permission to handle system events (1 IoC)
  • Declares services with permission to bind to the system (3 IoCs)
  • Requests dangerous framework permissions (3 IoCs)

Files

  • 5a6e73f49b3b2fe89cf1b213504bc8caa26e37b2380accb4ffb6258baaf3ab46.apk
    .apk android

    com.appd.instll.load

    com.appd.instll.splash


  • childapp.apk
    .apk android

    anonymous.prerequisite.armed

    anonymous.prerequisite.abrjriiormxejrlnkribeugyyfsspyzhtnviwwtjjbiznscylf2.hqwwicfymqyzbmmirbwnkjyitrfrdzzhjsbdaphmmmndjhirqx31


Android Permissions

5a6e73f49b3b2fe89cf1b213504bc8caa26e37b2380accb4ffb6258baaf3ab46.apk

Permissions

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.REQUEST_DELETE_PACKAGES