General

  • Target

    23f9dd8afb75d7be0ce20130821225f3.bin

  • Size

    767KB

  • Sample

    240730-bheemszerr

  • MD5

    23f9dd8afb75d7be0ce20130821225f3

  • SHA1

    d05b169dd57f3f6e4d46e03b7ffd11b2b0470132

  • SHA256

    1ed927136f3c8d45bafb65880f821bc9a3542f143532bb0c095b0ffa3adce415

  • SHA512

    796da9b8577d3e5d950a3e9d61428c13881fc13ce31ce1b21a59ce80e1bedf89a3e6fcdc5de048e9d188a87d2f450385dc62f084d896c7ca4eef4b47d94ecfd7

  • SSDEEP

    12288:BVmCxSG1NXED8Hn0MpJ9OCGdPMaa1a8LR188adD8+6Ka:BVxp1NXkK0Mj9OCGdPta1aS88adD8+Ba

Malware Config

Extracted

Family

spynote

C2

msbhacker1.ddns.net:5214
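The extracted C2 is a dynamic-DNS hostname, so the address it resolves to will change and should not be used as the indicator on its own; the hostname plus the port is the durable pair. The following is an added example, not part of the sandbox output, showing how to correlate that indicator across DNS and connection logs. The log lines and the resolved address 203.0.113.45 are constructed for illustration.

```python
"""Match the extracted SpyNote C2 indicator against DNS and connection logs.

Added example for this report; not part of the sandbox output. The log lines
below are constructed for illustration, as is the resolved IP address.
"""
import ipaddress
import re

# Indicator taken from the report's extracted configuration.
C2_HOST = "msbhacker1.ddns.net"
C2_PORT = 5214

# Constructed sample logs (not real captures). Two DNS lines and two
# connection lines refer to the C2; the rest are benign noise.
DNS_LOG = """\
2024-07-30T02:11:04Z client=10.0.0.12 query=msbhacker1.ddns.net type=A answer=203.0.113.45
2024-07-30T02:11:09Z client=10.0.0.12 query=connectivitycheck.gstatic.com type=A answer=142.250.74.67
2024-07-30T02:12:01Z client=10.0.0.15 query=MSBHacker1.DDNS.NET. type=A answer=203.0.113.45
"""

CONN_LOG = """\
2024-07-30T02:11:05Z src=10.0.0.12 dst=203.0.113.45 dport=5214 proto=tcp bytes=1843
2024-07-30T02:11:06Z src=10.0.0.12 dst=142.250.74.67 dport=443 proto=tcp bytes=5120
2024-07-30T02:13:40Z src=10.0.0.15 dst=203.0.113.45 dport=5214 proto=tcp bytes=220
2024-07-30T02:14:00Z src=10.0.0.16 dst=203.0.113.45 dport=80 proto=tcp bytes=900
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv(line):
    """Parse a 'k=v k=v' log line into a dict; the leading timestamp is kept under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts
    return fields


def dns_hits(dns_log, c2_host=C2_HOST):
    """Return (client, resolved_ip) pairs for queries of the C2 hostname.

    Hostnames are compared case-insensitively with any trailing dot removed,
    and the resolved address is recorded because a dynamic-DNS name is
    expected to change its A record over time.
    """
    hits = []
    for line in dns_log.splitlines():
        f = parse_kv(line)
        if f.get("query", "").rstrip(".").lower() == c2_host:
            hits.append((f["client"], f.get("answer")))
    return hits


def conn_hits(conn_log, resolved_ips, c2_port=C2_PORT):
    """Return connection records to any resolved C2 address on the C2 port.

    The port alone is not enough (5214 is an arbitrary high port); the
    destination must be an address the C2 hostname resolved to in the same
    observation window.
    """
    ips = {ipaddress.ip_address(ip) for ip in resolved_ips if ip}
    hits = []
    for line in conn_log.splitlines():
        f = parse_kv(line)
        if ipaddress.ip_address(f["dst"]) in ips and int(f["dport"]) == c2_port:
            hits.append(f)
    return hits


def triage(dns_log=DNS_LOG, conn_log=CONN_LOG):
    """Correlate DNS and connection logs; return the sorted set of clients that reached the C2."""
    resolved = dns_hits(dns_log)
    conns = conn_hits(conn_log, {ip for _, ip in resolved})
    return sorted({c["src"] for c in conns})


if __name__ == "__main__":
    for client in triage():
        print(f"{client} connected to {C2_HOST}:{C2_PORT}")
```

The correlation deliberately requires both the name lookup and the port-matched connection: 10.0.0.16 talks to the same address on port 80 and is not reported, which keeps shared-hosting or CDN neighbours of a dynamic-DNS address from producing false positives.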

Targets

    • Queries the list of all installed applications on the device (commonly used to choose which legitimate apps to overlay with phishing screens)

    • Makes use of the framework's foreground service for persistence

      Running as a foreground service keeps the application alive after the user leaves it and exempts it from most of Android's background-execution limits.

    • Requests that the user enable its accessibility service

      Accessibility access lets an app read on-screen content and inject input on the user's behalf, which is what allows remote control and self-granting of further permissions.
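The three behaviours above are visible dynamically, but each also leaves a static footprint in the APK manifest that can be checked during triage. The following is an added example, not code from the sandbox or from the sample, that runs those checks over a decoded AndroidManifest.xml (the text form produced by apktool or similar). The manifest embedded below is constructed to exercise the checks and is not the sample's real manifest; the package name com.example.dropper and the service names are placeholders.

```python
"""Flag manifest-declared capabilities matching the report's behaviour signatures.

Added example for this report; not code from the sandbox or the malware. The
manifests below are constructed for illustration and are NOT taken from the
sample. Pass a decoded AndroidManifest.xml string to assess_manifest() to run
the same checks on a real APK.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS   # ElementTree form of the android: attribute prefix

# Constructed manifest (placeholder package and service names) that would
# trigger every signature listed in the report.
SUSPECT_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Update">
    <service android:name=".Keeper" android:foregroundServiceType="dataSync"/>
    <service android:name=".Acc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed minimal manifest with none of the capabilities, for contrast.
BENIGN_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>
"""


def assess_manifest(xml_text):
    """Return a dict of capability -> bool for the behaviours in the report.

    Caveats: QUERY_ALL_PACKAGES is only required for targetSdk 30 and later, so
    an older targetSdk can enumerate packages without it; and an accessibility
    service can drive overlays without SYSTEM_ALERT_WINDOW. Treat a False here
    as "not declared", not as "not capable".
    """
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    services = list(root.iter("service"))

    accessibility = any(
        s.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
        or any(a.get(A + "name") == "android.accessibilityservice.AccessibilityService"
               for a in s.iter("action"))
        for s in services
    )
    return {
        "enumerates_installed_apps": "android.permission.QUERY_ALL_PACKAGES" in perms
                                     or root.find("queries") is not None,
        "overlay_capable": "android.permission.SYSTEM_ALERT_WINDOW" in perms,
        "foreground_service": "android.permission.FOREGROUND_SERVICE" in perms
                              or any(s.get(A + "foregroundServiceType") for s in services),
        "accessibility_service": accessibility,
    }


def matched_flags(xml_text):
    """Sorted list of the capability names declared in the manifest."""
    return sorted(k for k, v in assess_manifest(xml_text).items() if v)


if __name__ == "__main__":
    for label, text in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, matched_flags(text))
```

The combination matters more than any single flag: package enumeration plus overlay or accessibility capability plus a foreground service is the profile the report's signatures describe, whereas a lone FOREGROUND_SERVICE permission is routine for media and sync apps.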

MITRE ATT&CK Mobile v15