General

  • Target

    f9fb055a022628994fcc549c0cc32ea2.apk

  • Size

    4.3MB

  • Sample

    240729-h46vcasdrf

  • MD5

    f9fb055a022628994fcc549c0cc32ea2

  • SHA1

    13943a4877a692807e95c004647b9f5095d12996

  • SHA256

    9e2d3949da8f9ba04cc843d1b8770eefac3dac18705b8474604fce105f2bf72b

  • SHA512

    123ef888305582fbf026582cd9588e03c839b1024b98d03402c0284144c5f727b1c3a0976cb743871cea28964fb9e55df74ebdc0b36b0bf899b8d5085ba12f47

  • SSDEEP

    98304:guPGvvuJQhJJ0bqAjDUegSR3pdTCL+prpve8A2doKY8rRV:gu4vLfObuegSRnTCL+prdfddoKb

Malware Config

Targets

    • Target

      f9fb055a022628994fcc549c0cc32ea2.apk

    • Size

      4.3MB

    • MD5

      f9fb055a022628994fcc549c0cc32ea2

    • SHA1

      13943a4877a692807e95c004647b9f5095d12996

    • SHA256

      9e2d3949da8f9ba04cc843d1b8770eefac3dac18705b8474604fce105f2bf72b

    • SHA512

      123ef888305582fbf026582cd9588e03c839b1024b98d03402c0284144c5f727b1c3a0976cb743871cea28964fb9e55df74ebdc0b36b0bf899b8d5085ba12f47

    • SSDEEP

      98304:guPGvvuJQhJJ0bqAjDUegSR3pdTCL+prpve8A2doKY8rRV:gu4vLfObuegSRnTCL+prdfddoKb

    • Spynote

      Spynote is a Remote Access Trojan first seen in 2017.

    • Spynote payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks