General

  • Target

    BLC.USSI.apk

  • Size

    78.5MB

  • Sample

    240803-kxyaqstaqc

  • MD5

    064fbab72c516327983edad003977df6

  • SHA1

    e7a7733146cec52d6bd157749a2ee84d22cf0e60

  • SHA256

    8e4fe9ea053ead9949263504c9b3eefa8b7adbf3b1c0d85863a3e093e44ffc63

  • SHA512

    b14780a019ef7edbc8fb5c5d0411a77808a3f44a7bcb07eef469fda5496efa0a87e5727cb2a1d18abd2313e7c7d8cdee7987b90445b7ada3bdf4f2895722a637

  • SSDEEP

    1572864:r7g1o2dcZ9YzJI/C4e02ziqeiGDU2KzaQOECzCLyY+hGRYVLTxQ:r7g1VdcHYzJIa42z1BO/E5mvw6LTe

Malware Config

Extracted

Family

spynote

C2

5.tcp.eu.ngrok.io:12085

Targets

    • Target

      BLC.USSI.apk

    • Size

      78.5MB

    • MD5

      064fbab72c516327983edad003977df6

    • SHA1

      e7a7733146cec52d6bd157749a2ee84d22cf0e60

    • SHA256

      8e4fe9ea053ead9949263504c9b3eefa8b7adbf3b1c0d85863a3e093e44ffc63

    • SHA512

      b14780a019ef7edbc8fb5c5d0411a77808a3f44a7bcb07eef469fda5496efa0a87e5727cb2a1d18abd2313e7c7d8cdee7987b90445b7ada3bdf4f2895722a637

    • SSDEEP

      1572864:r7g1o2dcZ9YzJI/C4e02ziqeiGDU2KzaQOECzCLyY+hGRYVLTxQ:r7g1VdcHYzJIa42z1BO/E5mvw6LTe

    • Removes its main activity from the application launcher

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Legitimate hosting services abused for malware hosting/C2

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks