General

  • Target

    apk.apk

  • Size

    4.3MB

  • Sample

    240801-q1v8fatank

  • MD5

    ebc4b8a563052250195a854b663fa02c

  • SHA1

    ab7ffad7917cd46ab353fd7f090fff5a86aaa286

  • SHA256

    ac412bf1fb5840227678830cb8ca47c5f298e2e2d29ac9ecee48ed26a0821f3f

  • SHA512

    4095589220b73a20f8f2c0a79be3a1db96460f51ee15949dd40f040e182b579c47fdc4f12657ed704f87ba08a7db8f09f648bbb7823c1064108c7e42f1646c38

  • SSDEEP

    98304:bHeSQh4qJufi1mmdm2V+7WAauiue3TTrl2bd:bmaqEYa2V+7Wgi33frCd

Malware Config

Targets

    • Target

      apk.apk

    • Size

      4.3MB

    • MD5

      ebc4b8a563052250195a854b663fa02c

    • SHA1

      ab7ffad7917cd46ab353fd7f090fff5a86aaa286

    • SHA256

      ac412bf1fb5840227678830cb8ca47c5f298e2e2d29ac9ecee48ed26a0821f3f

    • SHA512

      4095589220b73a20f8f2c0a79be3a1db96460f51ee15949dd40f040e182b579c47fdc4f12657ed704f87ba08a7db8f09f648bbb7823c1064108c7e42f1646c38

    • SSDEEP

      98304:bHeSQh4qJufi1mmdm2V+7WAauiue3TTrl2bd:bmaqEYa2V+7Wgi33frCd

    • Spynote

      Spynote is a Remote Access Trojan first seen in 2017.

    • Spynote payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks