spynote | ready (4)_Dropper (2)[.]apk

General

Target

ready (4)_Dropper (2).apk
Size

6.6MB
MD5

d1a5cc5d21d96634cf7de550d2669647
SHA1

4cfd20130c734de24beacabdd84768d702642c95
SHA256

d1513a01b95f752ecf4bc6f7c110b7f13efa03df22b1ad27ee30bd0cca13349c
SHA512

f2f8e2e5c0fb443ede592bb9489a842c61dbe256a9c4eddfca196f30bb2f8493c472e5a62c10b80c1306ced90ed3b72c938df261c773273bb240e63fe2e82ba6
SSDEEP

196608:/nE1NV3eQyQn9d1C7BUe/Ucxt9yatmKXh0Lcd7RW:/nEzVHrnb87BUerxfPvXTd7s

Score

10^/10

spynote

Malware Config

Extracted

Family

spynote

C2

br2.localto.net:1105

Signatures

Spynote family
spynote
Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 3 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards).	android.permission.BIND_INPUT_METHOD

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES

Files

ready (4)_Dropper (2).apk
.apk android

com.appd.instll.load

com.appd.instll.splash

Activities

com.appd.instll.splash

android.intent.action.MAIN
android.intent.action.VIEW

Permissions

android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
childapp.apk
.apk android

fotosshop.org.nacionalphotos

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.wafctvbyyntqjtfvaxcakzsisbmazwmnsbkcfzgfmimtswrunc31

Activities

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.wafctvbyyntqjtfvaxcakzsisbmazwmnsbkcfzgfmimtswrunc31

android.intent.action.CHOOSER
android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED
com.ui.OnAlarmReceiver.ACTION_WIDGET_RECEIVER
com.android.vending.billing.InAppBillingService.COIN
com.android.vending.billing.InAppBillingService.COIO
com.android.vending.billing.InAppBillingService.LUCM
com.android.vending.billing.InAppBillingService.PROX
ir.cafebazaar.pardakht.InAppBillingService.BIND
ru.aaaaaaax.installer
com.nokia.payment.iapenabler.InAppBillingService.BIND
com.android.vending.billing.InAppBillingService.INST

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.zjleasqgyuhpvcyolkjczjdnrigoggdjoflcvcmmxhroddznry14_CA

fotosshop.org.nacionalphotos.xyz

Permissions

android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
oppo.permission.OPPO_COMPONENT_SAFE
oplus.permission.OPLUS_COMPONENT_SAFE
com.huawei.permission.external_app_settings.USE_COMPONENT
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT

Receivers

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.qawntkjoymfpxspaihlqxhddyqzkxiaapgghypahjemvncihqk5.SRcsanrignyyglxmccqryjdiufguoqvcfiwelqrsodfrtchitzxb74B

fotosshop.org.nacionalphotos.RestartSensor

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.qawntkjoymfpxspaihlqxhddyqzkxiaapgghypahjemvncihqk5.csanrignyyglxmccqryjdiufguoqvcfiwelqrsodfrtchitzxb7

android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.REBOOT
android.intent.action.LOCKED_BOOT_COMPLETED
miui.intent.action.BOOT_COMPLETEDT

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.qawntkjoymfpxspaihlqxhddyqzkxiaapgghypahjemvncihqk5.zjleasqgyuhpvcyolkjczjdnrigoggdjoflcvcmmxhroddznry14_RC

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED
android.intent.action.MY_PACKAGE_REPLACED

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.qawntkjoymfpxspaihlqxhddyqzkxiaapgghypahjemvncihqk5.csanrignyyglxmccqryjdiufguoqvcfiwelqrsodfrtchitzxb74

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.USER_PRESENT

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.qawntkjoymfpxspaihlqxhddyqzkxiaapgghypahjemvncihqk5.datecsanrignyyglxmccqryjdiufguoqvcfiwelqrsodfrtchitzxb7rec

android.intent.action.DATE_CHANGED

fotosshop.org.csanrignyyglxmccqryjdiufguoqvcfiwelqrsodfrtchitzxb7_AR

android.app.action.DEVICE_ADMIN_ENABLED

Services

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.zxdfzxlvlijvfqsjgjagkhcnnrrrsfddfkyenbmiwpgveayyhy3.csanrignyyglxmccqryjdiufguoqvcfiwelqrsodfrtchitzxb72

android.accessibilityservice.AccessibilityService

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.zxdfzxlvlijvfqsjgjagkhcnnrrrsfddfkyenbmiwpgveayyhy3.Vpncsanrignyyglxmccqryjdiufguoqvcfiwelqrsodfrtchitzxb71Service

android.net.VpnService

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.zxdfzxlvlijvfqsjgjagkhcnnrrrsfddfkyenbmiwpgveayyhy3.Snwpkyrmiztjknjuclnyrtibcxlimydsvkcwoawowmukgkkgqnc6IME

android.view.InputMethod

Android Permissions

ready (4)_Dropper (2).apk

Permissions

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.REQUEST_DELETE_PACKAGES

Sharing

General

Malware Config

Extracted

Signatures

Files

com.appd.instll.load

com.appd.instll.splash

Activities

com.appd.instll.splash

Permissions

fotosshop.org.nacionalphotos

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.wafctvbyyntqjtfvaxcakzsisbmazwmnsbkcfzgfmimtswrunc31

Activities

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.wafctvbyyntqjtfvaxcakzsisbmazwmnsbkcfzgfmimtswrunc31

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.zjleasqgyuhpvcyolkjczjdnrigoggdjoflcvcmmxhroddznry14_CA

Permissions

Receivers

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.qawntkjoymfpxspaihlqxhddyqzkxiaapgghypahjemvncihqk5.SRcsanrignyyglxmccqryjdiufguoqvcfiwelqrsodfrtchitzxb74B

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.qawntkjoymfpxspaihlqxhddyqzkxiaapgghypahjemvncihqk5.csanrignyyglxmccqryjdiufguoqvcfiwelqrsodfrtchitzxb7

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.qawntkjoymfpxspaihlqxhddyqzkxiaapgghypahjemvncihqk5.zjleasqgyuhpvcyolkjczjdnrigoggdjoflcvcmmxhroddznry14_RC

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.qawntkjoymfpxspaihlqxhddyqzkxiaapgghypahjemvncihqk5.csanrignyyglxmccqryjdiufguoqvcfiwelqrsodfrtchitzxb74

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.qawntkjoymfpxspaihlqxhddyqzkxiaapgghypahjemvncihqk5.datecsanrignyyglxmccqryjdiufguoqvcfiwelqrsodfrtchitzxb7rec

fotosshop.org.csanrignyyglxmccqryjdiufguoqvcfiwelqrsodfrtchitzxb7_AR

Services

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.zxdfzxlvlijvfqsjgjagkhcnnrrrsfddfkyenbmiwpgveayyhy3.csanrignyyglxmccqryjdiufguoqvcfiwelqrsodfrtchitzxb72

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.zxdfzxlvlijvfqsjgjagkhcnnrrrsfddfkyenbmiwpgveayyhy3.Vpncsanrignyyglxmccqryjdiufguoqvcfiwelqrsodfrtchitzxb71Service

fotosshop.org.xxqjhefiuhnbnwhcshusfpebmmglfntlqkawvgdqgayirftsgt2.zxdfzxlvlijvfqsjgjagkhcnnrrrsfddfkyenbmiwpgveayyhy3.Snwpkyrmiztjknjuclnyrtibcxlimydsvkcwoawowmukgkkgqnc6IME

Android Permissions

ready (4)_Dropper (2).apk