General

  • Target

    4b4feef19d17118a2366414b0fc3ae45933f1ad644d83e678f4b112089e7de71.bin

  • Size

    760KB

  • Sample

    240726-1x5mta1bkd

  • MD5

    ff4c0ebae015a21e8b44e07305a25e29

  • SHA1

    e4e300453c20fc5bc35cce4acf8052a7e578ec1b

  • SHA256

    4b4feef19d17118a2366414b0fc3ae45933f1ad644d83e678f4b112089e7de71

  • SHA512

    e756a6f6479d94949149d56b4d4539ee0f16e2f1a5e9cdfbe8965a7c4c94eaf69e01d6e3c60f75afc1067057892332bbb56dbd9222702abfecf540a6c4b74eee

  • SSDEEP

    12288:zAFCI3a1a8LdeF2FNNfa95WmpYshXZPbGwidNpgfe:zATa1a6eFiNfa95WmD9idNpp

Malware Config

  • Extracted

    Family

      spynote

    C2

      star-computer.gl.at.ply.gg:14611

Targets

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15