spynote | 666_Dropper[.]apk

General

Target

666_Dropper.apk
Size

6.7MB
MD5

1b898217b6ab25f0e750a93647239cc3
SHA1

3983fd50854aeb2e0f2253f0257dc783270bbd33
SHA256

9b318831ee9af6e3be7ea5f5a7ba701bbd3fc36983c7611e85b1c8d57b4bc1fc
SHA512

e233e9b11d8a6d36c97d8209256c4f64624036bc2606848d58c155f61dd4f924289cc6f44ccf7118fee1367a77caaaa6dd7b1fda84d8590e908f77d13edf151e
SSDEEP

196608:tm8lZWrktxO9ZFFw19HXWzUZntU8d9nmoqOM4:0LruOFFyuU5t1PQOn

Score

10^/10

spynote

Malware Config

Extracted

Family

spynote

C2

us1.localto.net:8741

Signatures

Spynote family
spynote
Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 3 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards).	android.permission.BIND_INPUT_METHOD

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES

Files

666_Dropper.apk
.apk android

com.appd.instll.load

com.appd.instll.splash

Activities

com.appd.instll.splash

android.intent.action.MAIN
android.intent.action.VIEW

Permissions

android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
childapp.apk
.apk android

photoedit.analisar.org

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.nkeyzdvhebbboehsoviqaauvunfxvwigsadunkdcfnknzebavm31

Activities

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.nkeyzdvhebbboehsoviqaauvunfxvwigsadunkdcfnknzebavm31

android.intent.action.CHOOSER
android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED
com.ui.OnAlarmReceiver.ACTION_WIDGET_RECEIVER
com.android.vending.billing.InAppBillingService.COIN
com.android.vending.billing.InAppBillingService.COIO
com.android.vending.billing.InAppBillingService.LUCM
com.android.vending.billing.InAppBillingService.PROX
ir.cafebazaar.pardakht.InAppBillingService.BIND
ru.aaaaaaax.installer
com.nokia.payment.iapenabler.InAppBillingService.BIND
com.android.vending.billing.InAppBillingService.INST

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.tbtxdcsbriuqkknpcinvcykmgigdusrayvrbgeckkwvgeckbfq14_CA

photoedit.analisar.org.xyz

Permissions

android.permission.SEND_SMS
android.permission.READ_SMS
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
oppo.permission.OPPO_COMPONENT_SAFE
oplus.permission.OPLUS_COMPONENT_SAFE
com.huawei.permission.external_app_settings.USE_COMPONENT
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT

Receivers

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.exvytqsienmcwgcraylaapvlxrddmdeuqnjfcyxlsbtevwjtvi5.SRmcubmicryamgldgoazllhjeexsscubolraexqewssqkwnwkogd74B

photoedit.analisar.org.RestartSensor

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.exvytqsienmcwgcraylaapvlxrddmdeuqnjfcyxlsbtevwjtvi5.mcubmicryamgldgoazllhjeexsscubolraexqewssqkwnwkogd7

android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.REBOOT
android.intent.action.LOCKED_BOOT_COMPLETED
miui.intent.action.BOOT_COMPLETEDT

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.exvytqsienmcwgcraylaapvlxrddmdeuqnjfcyxlsbtevwjtvi5.tbtxdcsbriuqkknpcinvcykmgigdusrayvrbgeckkwvgeckbfq14_RC

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED
android.intent.action.MY_PACKAGE_REPLACED

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.exvytqsienmcwgcraylaapvlxrddmdeuqnjfcyxlsbtevwjtvi5.mcubmicryamgldgoazllhjeexsscubolraexqewssqkwnwkogd74

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.USER_PRESENT

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.exvytqsienmcwgcraylaapvlxrddmdeuqnjfcyxlsbtevwjtvi5.datemcubmicryamgldgoazllhjeexsscubolraexqewssqkwnwkogd7rec

android.intent.action.DATE_CHANGED

photoedit.analisar.mcubmicryamgldgoazllhjeexsscubolraexqewssqkwnwkogd7_AR

android.app.action.DEVICE_ADMIN_ENABLED

Services

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.zyjhfukoxejvucahopvxcenczrgbbdudhdarcbifyuxzaanndm3.mcubmicryamgldgoazllhjeexsscubolraexqewssqkwnwkogd72

android.accessibilityservice.AccessibilityService

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.zyjhfukoxejvucahopvxcenczrgbbdudhdarcbifyuxzaanndm3.Vpnmcubmicryamgldgoazllhjeexsscubolraexqewssqkwnwkogd71Service

android.net.VpnService

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.zyjhfukoxejvucahopvxcenczrgbbdudhdarcbifyuxzaanndm3.Seuctgduvrznkalvadvukqfflitvxtabjmoptrgsthkeaxdgtmf6IME

android.view.InputMethod

Android Permissions

666_Dropper.apk

Permissions

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.REQUEST_DELETE_PACKAGES

Sharing

General

Malware Config

Extracted

Signatures

Files

com.appd.instll.load

com.appd.instll.splash

Activities

com.appd.instll.splash

Permissions

photoedit.analisar.org

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.nkeyzdvhebbboehsoviqaauvunfxvwigsadunkdcfnknzebavm31

Activities

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.nkeyzdvhebbboehsoviqaauvunfxvwigsadunkdcfnknzebavm31

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.tbtxdcsbriuqkknpcinvcykmgigdusrayvrbgeckkwvgeckbfq14_CA

Permissions

Receivers

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.exvytqsienmcwgcraylaapvlxrddmdeuqnjfcyxlsbtevwjtvi5.SRmcubmicryamgldgoazllhjeexsscubolraexqewssqkwnwkogd74B

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.exvytqsienmcwgcraylaapvlxrddmdeuqnjfcyxlsbtevwjtvi5.mcubmicryamgldgoazllhjeexsscubolraexqewssqkwnwkogd7

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.exvytqsienmcwgcraylaapvlxrddmdeuqnjfcyxlsbtevwjtvi5.tbtxdcsbriuqkknpcinvcykmgigdusrayvrbgeckkwvgeckbfq14_RC

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.exvytqsienmcwgcraylaapvlxrddmdeuqnjfcyxlsbtevwjtvi5.mcubmicryamgldgoazllhjeexsscubolraexqewssqkwnwkogd74

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.exvytqsienmcwgcraylaapvlxrddmdeuqnjfcyxlsbtevwjtvi5.datemcubmicryamgldgoazllhjeexsscubolraexqewssqkwnwkogd7rec

photoedit.analisar.mcubmicryamgldgoazllhjeexsscubolraexqewssqkwnwkogd7_AR

Services

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.zyjhfukoxejvucahopvxcenczrgbbdudhdarcbifyuxzaanndm3.mcubmicryamgldgoazllhjeexsscubolraexqewssqkwnwkogd72

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.zyjhfukoxejvucahopvxcenczrgbbdudhdarcbifyuxzaanndm3.Vpnmcubmicryamgldgoazllhjeexsscubolraexqewssqkwnwkogd71Service

photoedit.analisar.diljcfxngwjsebuqjaxyiylagzyjlsqaeewghvcitvartxcczn2.zyjhfukoxejvucahopvxcenczrgbbdudhdarcbifyuxzaanndm3.Seuctgduvrznkalvadvukqfflitvxtabjmoptrgsthkeaxdgtmf6IME

Android Permissions

666_Dropper.apk