spynote | espia (3)_Dropper[.]apk

General

Target

espia (3)_Dropper.apk
Size

6.6MB
MD5

1490bec2213c75a7291243a706998140
SHA1

fbae531127f39bb43d6103f3bf765316cf8d9526
SHA256

7dc2eccc96d606d4e90c30a330e680b58584d519cf509a653b1d28dd481519d4
SHA512

28a9e74dff13c33845ab221a9ef2e49e13d5d926a57c0ce87f3698bdfa8f865d2390a3bc8952a2337f2c5025836da87a46990603437edd4428a2cf0e622df3c8
SSDEEP

196608:82WCfD4h+1wYAVIu6B1N/jx0FiGbZXViQC:82W+4h+a7/M1Jx0FJbZFG

Score

10^/10

spynote

Malware Config

Extracted

Family

spynote

C2

br2.localto.net:2530

Signatures

Spynote family
spynote
Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 3 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards).	android.permission.BIND_INPUT_METHOD

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES

Files

espia (3)_Dropper.apk
.apk android

com.appd.instll.load

com.appd.instll.splash

Activities

com.appd.instll.splash

android.intent.action.MAIN
android.intent.action.VIEW

Permissions

android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
childapp.apk
.apk android

systema.verificado.protegido

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.ksqjrbbghpdclrnidbwgwvgpztlskkuvksxulsafkkhwdytvte31

Activities

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.ksqjrbbghpdclrnidbwgwvgpztlskkuvksxulsafkkhwdytvte31

android.intent.action.CHOOSER
android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED
com.ui.OnAlarmReceiver.ACTION_WIDGET_RECEIVER
com.android.vending.billing.InAppBillingService.COIN
com.android.vending.billing.InAppBillingService.COIO
com.android.vending.billing.InAppBillingService.LUCM
com.android.vending.billing.InAppBillingService.PROX
ir.cafebazaar.pardakht.InAppBillingService.BIND
ru.aaaaaaax.installer
com.nokia.payment.iapenabler.InAppBillingService.BIND
com.android.vending.billing.InAppBillingService.INST

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.guvrxdrgnfnuyvhjyrsgcfkvtjuqmyrghkliznwicxkxfmnwkd14_CA

systema.verificado.protegido.xyz

Permissions

android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
oppo.permission.OPPO_COMPONENT_SAFE
oplus.permission.OPLUS_COMPONENT_SAFE
com.huawei.permission.external_app_settings.USE_COMPONENT
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT

Receivers

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.ykkodbuoktztaoiaimudynqfwqbhpsudreebmpabosfxaudqhd5.SRytrrqdtnwyyqzryvwdnefxydblylyyxycajswyhulnubnhsiwz74B

systema.verificado.protegido.RestartSensor

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.ykkodbuoktztaoiaimudynqfwqbhpsudreebmpabosfxaudqhd5.ytrrqdtnwyyqzryvwdnefxydblylyyxycajswyhulnubnhsiwz7

android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.REBOOT
android.intent.action.LOCKED_BOOT_COMPLETED
miui.intent.action.BOOT_COMPLETEDT

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.ykkodbuoktztaoiaimudynqfwqbhpsudreebmpabosfxaudqhd5.guvrxdrgnfnuyvhjyrsgcfkvtjuqmyrghkliznwicxkxfmnwkd14_RC

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED
android.intent.action.MY_PACKAGE_REPLACED

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.ykkodbuoktztaoiaimudynqfwqbhpsudreebmpabosfxaudqhd5.ytrrqdtnwyyqzryvwdnefxydblylyyxycajswyhulnubnhsiwz74

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.USER_PRESENT

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.ykkodbuoktztaoiaimudynqfwqbhpsudreebmpabosfxaudqhd5.dateytrrqdtnwyyqzryvwdnefxydblylyyxycajswyhulnubnhsiwz7rec

android.intent.action.DATE_CHANGED

systema.verificado.ytrrqdtnwyyqzryvwdnefxydblylyyxycajswyhulnubnhsiwz7_AR

android.app.action.DEVICE_ADMIN_ENABLED

Services

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.vjvdcpqdxgsfmjcidogizvqftqxezdbfrawlfjjwnebjvhytcu3.ytrrqdtnwyyqzryvwdnefxydblylyyxycajswyhulnubnhsiwz72

android.accessibilityservice.AccessibilityService

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.vjvdcpqdxgsfmjcidogizvqftqxezdbfrawlfjjwnebjvhytcu3.Vpnytrrqdtnwyyqzryvwdnefxydblylyyxycajswyhulnubnhsiwz71Service

android.net.VpnService

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.vjvdcpqdxgsfmjcidogizvqftqxezdbfrawlfjjwnebjvhytcu3.Szekgaomtmdqzluumamheemuwrfemcfnglnqvrkscucxjbjxnte6IME

android.view.InputMethod

Android Permissions

espia (3)_Dropper.apk

Permissions

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.REQUEST_DELETE_PACKAGES

Sharing

General

Malware Config

Extracted

Signatures

Files

com.appd.instll.load

com.appd.instll.splash

Activities

com.appd.instll.splash

Permissions

systema.verificado.protegido

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.ksqjrbbghpdclrnidbwgwvgpztlskkuvksxulsafkkhwdytvte31

Activities

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.ksqjrbbghpdclrnidbwgwvgpztlskkuvksxulsafkkhwdytvte31

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.guvrxdrgnfnuyvhjyrsgcfkvtjuqmyrghkliznwicxkxfmnwkd14_CA

Permissions

Receivers

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.ykkodbuoktztaoiaimudynqfwqbhpsudreebmpabosfxaudqhd5.SRytrrqdtnwyyqzryvwdnefxydblylyyxycajswyhulnubnhsiwz74B

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.ykkodbuoktztaoiaimudynqfwqbhpsudreebmpabosfxaudqhd5.ytrrqdtnwyyqzryvwdnefxydblylyyxycajswyhulnubnhsiwz7

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.ykkodbuoktztaoiaimudynqfwqbhpsudreebmpabosfxaudqhd5.guvrxdrgnfnuyvhjyrsgcfkvtjuqmyrghkliznwicxkxfmnwkd14_RC

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.ykkodbuoktztaoiaimudynqfwqbhpsudreebmpabosfxaudqhd5.ytrrqdtnwyyqzryvwdnefxydblylyyxycajswyhulnubnhsiwz74

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.ykkodbuoktztaoiaimudynqfwqbhpsudreebmpabosfxaudqhd5.dateytrrqdtnwyyqzryvwdnefxydblylyyxycajswyhulnubnhsiwz7rec

systema.verificado.ytrrqdtnwyyqzryvwdnefxydblylyyxycajswyhulnubnhsiwz7_AR

Services

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.vjvdcpqdxgsfmjcidogizvqftqxezdbfrawlfjjwnebjvhytcu3.ytrrqdtnwyyqzryvwdnefxydblylyyxycajswyhulnubnhsiwz72

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.vjvdcpqdxgsfmjcidogizvqftqxezdbfrawlfjjwnebjvhytcu3.Vpnytrrqdtnwyyqzryvwdnefxydblylyyxycajswyhulnubnhsiwz71Service

systema.verificado.tlqqivuefqjfqnynecqyvtlnjcedtynoazsjymdhafdhbvmmkv2.vjvdcpqdxgsfmjcidogizvqftqxezdbfrawlfjjwnebjvhytcu3.Szekgaomtmdqzluumamheemuwrfemcfnglnqvrkscucxjbjxnte6IME

Android Permissions

espia (3)_Dropper.apk