General

  • Target

    client.apk

  • Size

    760KB

  • Sample

    240731-jp4l4svamm

  • MD5

    2243f212a13959d3c3fef23228a22d08

  • SHA1

    0e4a3c68695d78fb1598ba4f3fb1d79817551999

  • SHA256

    2a5c79a3d4a20a7be31dc482bb2b9171e84cfe8c4c438cb1af1943ceb2601313

  • SHA512

    0c5c734447c0f63bcbb04644d8c2d5fdb2d1fcfb59043c27b51daf258e91e82e543a4b043d1c365c4d1eea76380986f1174eb758a4281baf2f552323b102f973

  • SSDEEP

    12288:c+IcYa1a8LreaPEHCCLL5WmpYshXZPbGwidNpgF:cha1a2eauCCLL5WmD9idNpC

Malware Config

Extracted

Family

spynote

C2

insurance-helmet.gl.at.ply.gg:31388

Targets

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks