General

  • Target

    cbaf60e7e53e9ec1a25eb3ec701581abe84748f82dabfbb8330f9c921f82b66d.bin

  • Size

    1.6MB

  • Sample

    240727-1xa37stgpd

  • MD5

    8a1915010dc613819ff050f992bba0f1

  • SHA1

    f3598ddff62b24c5f60854b96c3cc8a81baec359

  • SHA256

    cbaf60e7e53e9ec1a25eb3ec701581abe84748f82dabfbb8330f9c921f82b66d

  • SHA512

    526d5af8af51b59cb69aa6a2cdd5cc67997b0e09acf456e27893e783cb87a5bc199e7dd972f6237830984f9ec62bd9b802e37e79ecc40905a75e56202e9789f9

  • SSDEEP

    24576:cuBZR7qDsLcfhJUt49pE7oZc6HsfIHpWxNP4W75WmD9idNp8:JBZRisLcJ84g74c6qIJ4N3Wk0d/8

Malware Config

Extracted

Family

spynote

C2

calm-duck-46.telebit.io:6810

Targets

    • Target

      cbaf60e7e53e9ec1a25eb3ec701581abe84748f82dabfbb8330f9c921f82b66d.bin

    • Queries the list of all installed applications on the device (may be used to select legitimate apps to overlay with fake screens)

    • Makes use of Android's foreground service for persistence

      The application may abuse Android's foreground service to keep running in the foreground, where the system is far less likely to kill it.
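The extracted C2 and the two behavioural signatures above are the parts of this report an analyst turns into detection. The following Python is an added example and is not part of the sandbox report or of the SpyNote sample: it checks a candidate file against the hashes listed above, looks for the C2 hostname in DNS/connection log lines, and flags the Android API names that produce the two signatures in a dex string dump. The log lines, the string dump and the mapping from signature to API name are assumptions constructed for the example; the IP addresses in the log lines are RFC 5737 documentation addresses, not the C2's real address.

```python
"""IOC and behaviour matching for the SpyNote sample in this report.

Added example, not part of the sandbox report. All sample inputs below are
constructed for illustration.
"""
import hashlib
import re

# Hashes of the sample exactly as listed in the report.
REPORT_HASHES = {
    "md5": "8a1915010dc613819ff050f992bba0f1",
    "sha1": "f3598ddff62b24c5f60854b96c3cc8a81baec359",
    "sha256": "cbaf60e7e53e9ec1a25eb3ec701581abe84748f82dabfbb8330f9c921f82b66d",
}

# Extracted C2. telebit.io is a shared tunnelling service, so the full
# subdomain is the indicator; the parent domain and the port alone are not.
C2_HOST = "calm-duck-46.telebit.io"
C2_PORT = 6810

# Android API names behind the two report signatures (assumed mapping for
# this example; the report names the behaviour, not the API).
SIGNATURE_APIS = {
    "installed_app_enumeration": ("getInstalledApplications", "getInstalledPackages"),
    "foreground_service": ("startForeground", "FOREGROUND_SERVICE"),
}

# Match the C2 hostname as a whole label, optionally followed by ":port".
_C2_RE = re.compile(r"(?<![\w-])" + re.escape(C2_HOST) + r"(?::\d+)?(?![\w-])", re.IGNORECASE)


def file_hashes(data: bytes) -> dict:
    """Hash a file's bytes with the same algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every listed hash matches, i.e. this is the same file."""
    return file_hashes(data) == REPORT_HASHES


def find_c2_hits(log_lines):
    """Return the log lines that reference the extracted C2 hostname."""
    return [line for line in log_lines if _C2_RE.search(line)]


def find_signature_apis(strings):
    """Map each report signature to the dex strings that reference its API."""
    hits = {name: [] for name in SIGNATURE_APIS}
    for s in strings:
        for name, apis in SIGNATURE_APIS.items():
            if any(api in s for api in apis):
                hits[name].append(s)
    return hits


# Constructed log lines: two touch the C2, one is benign, one is a different
# telebit.io tunnel that must NOT be flagged.
SAMPLE_LOG = [
    "2024-07-27T19:58:11Z dns query A calm-duck-46.telebit.io from 10.0.2.16",
    "2024-07-27T19:58:12Z tcp connect 10.0.2.16:41022 -> 203.0.113.10:6810 (calm-duck-46.telebit.io)",
    "2024-07-27T19:58:13Z dns query A connectivitycheck.gstatic.com from 10.0.2.16",
    "2024-07-27T19:58:14Z tcp connect 10.0.2.16:41030 -> 203.0.113.20:443 (other-app.telebit.io)",
]

# Constructed dex string dump in smali descriptor form.
SAMPLE_STRINGS = [
    "Landroid/content/pm/PackageManager;->getInstalledApplications(I)Ljava/util/List;",
    "Landroid/app/Service;->startForeground(ILandroid/app/Notification;)V",
    "android.permission.FOREGROUND_SERVICE",
    "Ljava/net/Socket;-><init>(Ljava/lang/String;I)V",
]


def summarize(data: bytes, log_lines, strings) -> dict:
    """Combine the three checks into one verdict-style summary."""
    return {
        "hash_match": matches_report(data),
        "c2_hits": find_c2_hits(log_lines),
        "signatures": {k: len(v) for k, v in find_signature_apis(strings).items()},
    }


if __name__ == "__main__":
    # Stand-in bytes; replace with open(path, "rb").read() for a real file.
    print(summarize(b"not the sample", SAMPLE_LOG, SAMPLE_STRINGS))
```

Match on the full C2 subdomain rather than on telebit.io or port 6810 alone: the tunnelling service is shared, so the parent domain is a poor indicator and the port by itself would produce false positives.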

MITRE ATT&CK Mobile v15
