General

  • Target

    client.apk

  • Size

    760KB

  • Sample

    240731-ksazmswgpj

  • MD5

    2ab7e06742f1359055cbbb1708fb6d1f

  • SHA1

    e004f13402b0d992d66778e5f98b3e8f834696be

  • SHA256

    c03dbba2e82fd35f7cc54203910d150921a8377f41f69d02b2ebf151e6998c40

  • SHA512

    65689727259ff66972acf7479e4983f1214a086895ef32976210fc5ab72c8bef5b7b44fedd95a178c5efec5a869dfa59be340f001fa6df8a3d886f7e43722346

  • SSDEEP

    12288:EO1/Ya1a8LreKn8vkrRt5WmpYshXZPbGwidNpgK:E3a1a2eK2krRt5WmD9idNpt

Malware Config (extracted)

  • Family

    spynote

  • C2

    insurance-helmet.gl.at.ply.gg:31388

    The hostname is issued by the playit.gg tunnelling service (ply.gg), so the operator behind it can be reassigned; treat the host:port pair, not the parent domain alone, as the indicator.

Targets

    • Target

      client.apk

    • Queries the list of all installed applications on the device (commonly used to pick which legitimate apps to overlay with phishing screens)

    • Makes use of the framework's foreground service for persistence

      A foreground service, with its persistent notification, keeps the process alive and exempt from most background-execution limits, so the app keeps running after the user leaves it.

    • Requests that the user enable its accessibility service.

      Once granted, an accessibility service can read screen content and inject input, which is how the app can drive and overlay other apps.

    • Tries to register itself as a device administrator.

      An active device administrator cannot be uninstalled until the admin is deactivated, so check Settings > Security > Device admin apps before attempting removal.
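
The following triage script is an added example and not part of the original sandbox report. It checks a file's hashes against the indicators listed on this page and flags, in a decoded AndroidManifest.xml, the four capabilities the sandbox observed (installed-app enumeration, foreground service, accessibility service, device administrator). The manifest below is constructed for the example; a real APK carries binary AXML that must first be decoded with apktool or androguard, and the IOC dictionary is assumed to be maintained by hand from the report.

```python
"""Triage helper for the client.apk indicators above.

Added example, not code from the original report. Expects a decoded (text)
AndroidManifest.xml; the binary AXML inside a raw APK must be decoded first.
"""
import hashlib
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Hashes and C2 copied from the report above (client.apk, 760KB).
IOC_HASHES = {
    "md5": "2ab7e06742f1359055cbbb1708fb6d1f",
    "sha1": "e004f13402b0d992d66778e5f98b3e8f834696be",
    "sha256": "c03dbba2e82fd35f7cc54203910d150921a8377f41f69d02b2ebf151e6998c40",
}
IOC_C2 = ("insurance-helmet.gl.at.ply.gg", 31388)

# Constructed sample manifest exercising each observed capability.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.client">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <application>
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def compute_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the file contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def match_iocs(hashes: dict) -> list:
    """Names of the hash algorithms whose value equals the reported IOC."""
    return [name for name, value in hashes.items()
            if IOC_HASHES.get(name) == value.lower()]


def _attr(elem, attr: str) -> str:
    return elem.get(f"{{{ANDROID_NS}}}{attr}", "")


def manifest_signals(manifest_xml: str) -> list:
    """Flag manifest entries matching the behaviours the sandbox observed."""
    root = ET.fromstring(manifest_xml)
    perms = {_attr(p, "name") for p in root.iter("uses-permission")}
    signals = []
    # QUERY_ALL_PACKAGES (or a <queries> block) enables installed-app enumeration.
    if "android.permission.QUERY_ALL_PACKAGES" in perms or root.find("queries") is not None:
        signals.append("installed-app enumeration")
    # FOREGROUND_SERVICE is required on Android 9+ to run a foreground service.
    if "android.permission.FOREGROUND_SERVICE" in perms:
        signals.append("foreground service persistence")
    # An accessibility service is declared with this bind permission.
    if any(_attr(s, "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
           for s in root.iter("service")):
        signals.append("accessibility service")
    # A device-admin receiver is declared with this bind permission.
    if any(_attr(r, "permission") == "android.permission.BIND_DEVICE_ADMIN"
           for r in root.iter("receiver")):
        signals.append("device administrator")
    return signals


def triage(apk_bytes: bytes, manifest_xml: str) -> dict:
    """Combine hash matching and manifest inspection into one verdict."""
    hashes = compute_hashes(apk_bytes)
    return {
        "hashes": hashes,
        "ioc_hash_matches": match_iocs(hashes),
        "manifest_signals": manifest_signals(manifest_xml),
        "c2_to_block": "%s:%d" % IOC_C2,
    }


if __name__ == "__main__":
    # Placeholder bytes: a real run would read the APK under analysis.
    print(triage(b"not the real sample", SAMPLE_MANIFEST))
```

Run it against the decoded manifest and the raw APK bytes of a suspect file; a hash match is a definitive hit on this sample, while the manifest signals alone only indicate SpyNote-like capabilities and need the usual confirmation (strings, the C2 host, or a sandbox run).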

MITRE ATT&CK Mobile v15

Tasks