spymax | 97e63e6063345318325b666c54cdffb474725349d948626ef5671bb22020e335 | Triage

Sharing

General

Target

97e63e6063345318325b666c54cdffb474725349d948626ef5671bb22020e335.apk
Size

44KB
Sample

240802-cky3hathrg
MD5

6c92b035eb2d537146d480dfb1d0cec8
SHA1

825fe03f6a74c64c67c9d3397e171c9fd0c1bbaa
SHA256

97e63e6063345318325b666c54cdffb474725349d948626ef5671bb22020e335
SHA512

e6de2a14225f0d14d669b799a00974255ec6e266ee454e3326e422088c21bb2836b93b11f9a6d6d3367e1ed0e5140ee4a7f1df78e9dc5843079e4eca0c7a3e0a
SSDEEP

768:qUAcH4h5nNNW35xw2m0sQZnBF2pDAY9NAWW/GCFzKmK/3Sd7:qj35NedFZnOAY9NAWWdFzkvC7

Score

10^/10

spymax android collection credential_access discovery evasion impact persistence

Malware Config

Extracted

Family

spymax

C2

5.189.136.230:7860

Targets

- Target
  
  97e63e6063345318325b666c54cdffb474725349d948626ef5671bb22020e335.apk
- Size
  
  44KB
- MD5
  
  6c92b035eb2d537146d480dfb1d0cec8
- SHA1
  
  825fe03f6a74c64c67c9d3397e171c9fd0c1bbaa
- SHA256
  
  97e63e6063345318325b666c54cdffb474725349d948626ef5671bb22020e335
- SHA512
  
  e6de2a14225f0d14d669b799a00974255ec6e266ee454e3326e422088c21bb2836b93b11f9a6d6d3367e1ed0e5140ee4a7f1df78e9dc5843079e4eca0c7a3e0a
- SSDEEP
  
  768:qUAcH4h5nNNW35xw2m0sQZnBF2pDAY9NAWW/GCFzKmK/3Sd7:qj35NedFZnOAY9NAWWdFzkvC7
Score

7^/10

discovery evasion persistence collection credential_access impact
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Legitimate hosting services abused for malware hosting/C2
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries the mobile country code (MCC)
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

collectioncredential_accessdiscoveryevasionimpactpersistence

behavioral3

collectioncredential_accessevasionimpactpersistence