General

  • Target

    client.apk

  • Size

    760KB

  • Sample

    240731-x5ql3stgmc

  • MD5

    4b9997c59e8aa3375d5b573f55053d64

  • SHA1

    c5bbc556da441d7da337b01ace0564fb580d8430

  • SHA256

    29d441c38e2a5353716ba41965623eab7792e596cb37b1194b302bb986052f84

  • SHA512

    8dd09a3af93c963cbe9a50341f7dc23b1cf6fa6f9b4b3f4be0b7bd6fd2a9d9ba407363501ad50fc396879b6ae25e93eb4bc8ee5518721ca88a9e633f58b0ccc9

  • SSDEEP

    12288:OaSVYa1a8LreI9WI4o1d5WmpYshXZPbGwidNpgj:Oca1a2eIJ4o1d5WmD9idNpU

Malware Config

Extracted

Family

spynote

C2

insurance-helmet.gl.at.ply.gg:31388

Targets

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.
