General

  • Target

    4477_Dropper.apk

  • Size

    7.3MB

  • MD5

    02711d3e0af5f69fa60c37cf1d15164a

  • SHA1

    07ddcbde99dd17dc5ce002e86c07f86e245c6047

  • SHA256

    e8f05cb8b2f9f8517ba91b18421e5fe2ea343519b880ed3e8546da28ea939e40

  • SHA512

    0147cc88aec75bf10499a9e344bcdad61a461b014e93218bf70c82ec7990de77965c5dc9adfdb2b2b6643c47319931066ce8f227ee8c66cbeb74b4cffb3e6ca6

  • SSDEEP

    196608:8dGL8m5mVrA1Z6s60bcSD6jNtlqsfMqT229QUrySO:8dGL8m0aZ6sRbUPlpMqKwQUrySO

Score
10/10

Malware Config

Signatures

  • Spynote family
  • Spynote payload (1 IoC)
  • Attempts to obfuscate APK file format

    Applies obfuscation techniques to the APK format in order to hinder analysis

  • Declares broadcast receivers with permission to handle system events (1 IoC)
  • Declares services with permission to bind to the system (3 IoCs)
  • Requests dangerous framework permissions (3 IoCs)

Files

  • 4477_Dropper.apk
    .apk android

    com.appd.instll.load

    com.appd.instll.splash


  • childapp.apk
    .apk android

    imag.photoshop.ong

    imag.photoshop.zwxsbrcmnlqjtvxaqwaxgdunawgyozwlboacxxvcnherwrxcvq2.MainActivity


Android Permissions

4477_Dropper.apk

Permissions

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.REQUEST_DELETE_PACKAGES