General

  • Target

    apk.apk

  • Size

    4.3MB

  • Sample

    240801-r7edyazgkb

  • MD5

    2362f90d7131327b4860f57546a0d9e9

  • SHA1

    3d18596807a69cf393483428e3db3a0740697937

  • SHA256

    bce39d09db561fef36ae721a8b9876c39ebd3e7e505a87831a92f2797325c642

  • SHA512

    d9f040602c0dcc8891e8f27c439d3825dd0cdbd2e6a0e3880c869883bdb761458e1ef5a2823fc059b4d8ddb15fc28d2c50283a10b9d36ca0ecf99b126ae41ad8

  • SSDEEP

    49152:DnVpq4tDKmjpFQ9bBuCJdb5R6OeznFgm9CgGsKDbyY1Fyc/L0CrtMiMWVEIrXpWi:3bt5jbQhICJZiOKDMsOb/5D2mYq5mpjO

Malware Config

Targets

    • Spynote

      Spynote is a Remote Access Trojan first seen in 2017.

    • Spynote payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks