General

  • Target: 5d98c0a18ff65b9551f7f2259feedb7103293ef59927077543689e2acb67ff67.bin

  • Size: 903KB

  • Sample: 240810-1w5w7azflj

  • MD5: d20ddf17a6960a690c01ebb616c8b71c

  • SHA1: 0959f20489c5dec9509a5384f3f3226a9358ccde

  • SHA256: 5d98c0a18ff65b9551f7f2259feedb7103293ef59927077543689e2acb67ff67

  • SHA512: aba19c9bed87725c88028ab58fc545e09ea8887eaca38ae91354e040ade9942d954dc82fb15828cff50746b63edee0a0f81d96866cc5012e350fec7c26ac3c52

  • SSDEEP: 24576:d2l3gY9a1aKez8qyud4kvKjbu5WmD9idNpk:Il3Pa1ab8qPigKWWk0d/k

Malware Config

Extracted

  • Family: spynote

  • C2: 0.tcp.ngrok.io:14051

Targets


    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Legitimate hosting services abused for malware hosting/C2

    • Makes use of the framework's foreground persistence service

      The application may abuse the framework's foreground service to keep running in the foreground.

    • Requests that the accessibility settings be enabled.

    • Tries to add a device administrator.
