General

  • Target

    436c6cfbafdbaa27176e14ec8606bdebd215e45c1183c39ba41f324e571d1015.bin

  • Size

    900KB

  • Sample

    240726-1xfcxs1apg

  • MD5

    3de23fc8e2c3098a606cae2233a616fb

  • SHA1

    b538b82707783b1f0d61d12df203de3ebee87083

  • SHA256

    436c6cfbafdbaa27176e14ec8606bdebd215e45c1183c39ba41f324e571d1015

  • SHA512

    faa24d0f7dd7842f8c6a23a9e1dc0e71ad5e72501abb801b3eb80fa74c9abad6cc3994e4d61911c0476baf4ed6ea6f018f20e1c4ff6b37880d5efac79586f114

  • SSDEEP

    12288:J6sZmRGkBX0yh2+x6FQSTYS4s/1/+cXIWItILINIAgJP1jnjbIen:QsZmJSywW6KYYS4s/UltGMmAgJPZjbV

Malware Config (extracted)

  • Family

    spynote

  • C2

    response-notice.gl.at.ply.gg:33487

Targets

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.
