General
Target: 5d98c0a18ff65b9551f7f2259feedb7103293ef59927077543689e2acb67ff67.bin
Size: 903KB
Sample: 240810-1w5w7azflj
MD5: d20ddf17a6960a690c01ebb616c8b71c
SHA1: 0959f20489c5dec9509a5384f3f3226a9358ccde
SHA256: 5d98c0a18ff65b9551f7f2259feedb7103293ef59927077543689e2acb67ff67
SHA512: aba19c9bed87725c88028ab58fc545e09ea8887eaca38ae91354e040ade9942d954dc82fb15828cff50746b63edee0a0f81d96866cc5012e350fec7c26ac3c52
SSDEEP: 24576:d2l3gY9a1aKez8qyud4kvKjbu5WmD9idNpk:Il3Pa1ab8qPigKWWk0d/k
Behavioral task: behavioral1
Sample: 5d98c0a18ff65b9551f7f2259feedb7103293ef59927077543689e2acb67ff67.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: 5d98c0a18ff65b9551f7f2259feedb7103293ef59927077543689e2acb67ff67.apk
Resource: android-x64-20240624-en
Behavioral task: behavioral3
Sample: 5d98c0a18ff65b9551f7f2259feedb7103293ef59927077543689e2acb67ff67.apk
Resource: android-x64-arm64-20240624-en
Malware Config
Extracted
spynote
0.tcp.ngrok.io:14051
Targets
-
-
Target
5d98c0a18ff65b9551f7f2259feedb7103293ef59927077543689e2acb67ff67.bin
-
Legitimate hosting services abused for malware hosting/C2
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-
Tries to add a device administrator.
-