General

  • Target

    2c31f2cc1b5d4c5ef6af0c9a1209b0bc10e5e96d946c22953e71a7aaa8b5ee0c.bin

  • Size

    768KB

  • Sample

    240726-1xg7hs1aqb

  • MD5

    1e87f8352c9bad5e6139e0d947b09199

  • SHA1

    86ab91dab16e707b3a08dcf35004546267f500cd

  • SHA256

    2c31f2cc1b5d4c5ef6af0c9a1209b0bc10e5e96d946c22953e71a7aaa8b5ee0c

  • SHA512

    a7af7057bc4402cf060f11bcfda98bcbeef4a7d6ff023b6b83ff271ac3a9dff0af68cd877da12acd886431b051da4e14408de555df687956fc1d589fb2f40b0b

  • SSDEEP

    24576:f9ubsPgw6ucvQE+eo9E4Lc0MJYgJP2ILz:MwIHucIe54Lc0MqgJPZ

Malware Config

Extracted

Family

spynote

C2

hextoriqbindnc222-40991.portmap.host:40991

Targets

    • Removes its main activity from the application launcher

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks