General

  • Target

    06ed969125c9a9ae7f0ce652e3d45dc5a9c3e3997a22d987dd29ea334c659667.bin

  • Size

    760KB

  • Sample

    240801-14r1astbla

  • MD5

    ee78b7a2914dc0ead69a7510a98b1921

  • SHA1

    e52d2da8752d46e403469346be20eaa79882383f

  • SHA256

    06ed969125c9a9ae7f0ce652e3d45dc5a9c3e3997a22d987dd29ea334c659667

  • SHA512

    d66fccc3ee1dbec111753f3990e3c7c278abe6468064ab2b35b83b95330fde720a95e29687e227fef5990d8768eef4a5013f92dfb4c6c4e9fd2551eabafeec51

  • SSDEEP

    12288:NiFba1a8LVe6nQTMjdZX5WmpYshXZPbGwidNpgw1:Nca1aKe6CMjdZX5WmD9idNpN1

Malware Config

Extracted

  • Family

    spynote

  • C2

    pre-species.gl.at.ply.gg:31378
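
The digests and the C2 above are the report's indicators. The Python below is an added example, not code from the sandbox report or from the sample: it hashes a local file with the same four algorithms and compares all of them with the report (a lone MD5 match is not enough to call a file this sample), and it splits the C2 string into host and port and emits a Suricata DNS rule for the host. The names `hash_file`, `compare_with_report`, `parse_c2` and `suricata_dns_rule` and the rule's sid are choices made here; SSDEEP is left out because it needs a module outside the standard library. One caveat worth noting: the host sits under ply.gg, which appears to be the domain used by the playit.gg tunnelling service, so the IP it resolves to is a relay rather than the operator's own machine and blocking that address alone will not hold.

```python
from __future__ import annotations

import hashlib
from pathlib import Path

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "ee78b7a2914dc0ead69a7510a98b1921",
    "sha1": "e52d2da8752d46e403469346be20eaa79882383f",
    "sha256": "06ed969125c9a9ae7f0ce652e3d45dc5a9c3e3997a22d987dd29ea334c659667",
    "sha512": (
        "d66fccc3ee1dbec111753f3990e3c7c278abe6468064ab2b35b83b95330fde72"
        "0a95e29687e227fef5990d8768eef4a5013f92dfb4c6c4e9fd2551eabafeec51"
    ),
}
REPORT_C2 = "pre-species.gl.at.ply.gg:31378"


def hash_bytes(data: bytes) -> dict[str, str]:
    """Every digest the report lists, for an in-memory blob."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def hash_file(path: str | Path) -> dict[str, str]:
    """Same digests for a file on disk, read in 1 MiB chunks so a large
    sample does not have to fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare_with_report(digests: dict[str, str]) -> dict[str, bool]:
    """Per-algorithm match against the report; treat a file as this sample
    only when all four agree."""
    return {
        algo: digests.get(algo, "").lower() == expected
        for algo, expected in REPORT_HASHES.items()
    }


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the 'host:port' string as printed in the report, rejecting
    input without a port or with a port outside 1-65535."""
    host, sep, port = c2.strip().rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"not a host:port string: {c2!r}")
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port_num}")
    return host.lower(), port_num


def suricata_dns_rule(c2: str, sid: int) -> str:
    """Alert on DNS lookups of the C2 host. The sid is arbitrary (assumption);
    isdataat:!1,relative anchors the match at the end of the queried name."""
    host, _port = parse_c2(c2)
    return (
        "alert dns $HOME_NET any -> any any "
        f'(msg:"SpyNote C2 domain lookup {host}"; dns.query; '
        f'content:"{host}"; nocase; isdataat:!1,relative; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    import sys

    for p in sys.argv[1:]:
        matches = compare_with_report(hash_file(p))
        verdict = "MATCHES report" if all(matches.values()) else "differs"
        print(p, verdict, matches)
    print(suricata_dns_rule(REPORT_C2, sid=9000001))
```

Run it as `python check_sample.py path/to/file.bin` to get a per-algorithm verdict plus the rule; a partial match (say MD5 equal, SHA256 different) means the file is not the reported sample and should be treated as a new artefact.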

Targets

    • Target

      06ed969125c9a9ae7f0ce652e3d45dc5a9c3e3997a22d987dd29ea334c659667.bin

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      The application may abuse Android's foreground-service mechanism (a service tied to a persistent notification) to keep running instead of being killed in the background.

    • Requests that the user enable the accessibility service.

    • Tries to add itself as a device administrator.
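
The four behaviours above have static counterparts in an Android app's manifest: the QUERY_ALL_PACKAGES permission (or a <queries> block) for enumerating installed apps, the FOREGROUND_SERVICE permission, a service guarded by BIND_ACCESSIBILITY_SERVICE and a receiver guarded by BIND_DEVICE_ADMIN. The Python below is an added triage check, not code from the report or from the sample, that audits a decoded AndroidManifest.xml for those indicators. It assumes the manifest has already been converted from binary AXML to text (for example with apktool), and the manifest it runs on by default is constructed for illustration, not taken from this sample. Absence of an indicator is not exoneration: apps targeting API levels below 30 can enumerate packages without QUERY_ALL_PACKAGES, and a runtime startForeground() call leaves no manifest trace beyond the permission.

```python
from __future__ import annotations

import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A_NAME = f"{{{ANDROID_NS}}}name"
A_PERMISSION = f"{{{ANDROID_NS}}}permission"

# Constructed manifest for illustration; it is not the sample's manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <application android:label="System Update">
        <service android:name=".AccService"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
        <receiver android:name=".AdminReceiver"
            android:permission="android.permission.BIND_DEVICE_ADMIN">
            <intent-filter>
                <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""


def _actions(component: ET.Element) -> set[str]:
    """All <action android:name=...> values declared under a component."""
    return {a.get(A_NAME) for a in component.iter("action")}


def _components_with(root: ET.Element, tag: str, permission: str, action: str) -> list[str]:
    """Names of <tag> components guarded by `permission` or filtering on `action`."""
    hits = []
    for comp in root.iter(tag):
        if comp.get(A_PERMISSION) == permission or action in _actions(comp):
            hits.append(comp.get(A_NAME, "?"))
    return hits


def audit_manifest(xml_text: str) -> dict[str, bool]:
    """Map each behaviour from the report to its manifest indicator."""
    root = ET.fromstring(xml_text)
    perms = {p.get(A_NAME) for p in root.iter("uses-permission")}
    return {
        # Enumerating installed apps: API 30+ needs this permission or <queries>.
        "queries_installed_apps": (
            "android.permission.QUERY_ALL_PACKAGES" in perms
            or root.find("queries") is not None
        ),
        # Required since API 28 to call startForeground().
        "foreground_service": "android.permission.FOREGROUND_SERVICE" in perms,
        # An accessibility service is bound by the system through this permission/action.
        "accessibility_service": bool(_components_with(
            root, "service",
            "android.permission.BIND_ACCESSIBILITY_SERVICE",
            "android.accessibilityservice.AccessibilityService")),
        # A device-admin receiver is how an app asks to become an administrator.
        "device_admin_receiver": bool(_components_with(
            root, "receiver",
            "android.permission.BIND_DEVICE_ADMIN",
            "android.app.action.DEVICE_ADMIN_ENABLED")),
    }


def triage_score(findings: dict[str, bool]) -> int:
    """Number of SpyNote-style indicators present (0 to 4)."""
    return sum(findings.values())


if __name__ == "__main__":
    import sys

    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    findings = audit_manifest(text)
    for key, hit in findings.items():
        print(f"{'HIT ' if hit else '    '} {key}")
    print("score:", triage_score(findings))
```

A score of 3 or 4 on an app that is not an accessibility tool or an MDM agent is a strong reason to pull it into dynamic analysis; the accessibility and device-admin hits together are the combination that lets a RAT keep itself installed and drive the UI.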

MITRE ATT&CK Mobile v15