General

  • Target

    9fe5e2d2d7ab392aa85d952622be618695ee0789e877638e0d2dba2f075b5c88.bin

  • Size

    2.5MB

  • Sample

    241022-1z9pjsyell

  • MD5

    dbd11ad03a092c872df6081a5312d3c8

  • SHA1

    3b0971360fd04a39cda25e269f27b721b21210e1

  • SHA256

    9fe5e2d2d7ab392aa85d952622be618695ee0789e877638e0d2dba2f075b5c88

  • SHA512

    09527914afe8d94e2b073dd22afcde048003709f607cf0dc6e7494c3d479a21a76343fa7ca158df80e4f391aaced1b4bc6f8addf9e747d6c8c4005036cffc3b0

  • SSDEEP

    49152:DXa1ag7avYKo3K6TgrPitfyblFg4ggnnfrmSQ6Wk0d/8:s+vYKo3K6aitaYGnfrmrqN

Malware Config

Extracted

Family

spynote

C2

192.168.0.101:1212

Targets

    • Target

      9fe5e2d2d7ab392aa85d952622be618695ee0789e877638e0d2dba2f075b5c88.bin

    • Size

      2.5MB

    • MD5

      dbd11ad03a092c872df6081a5312d3c8

    • SHA1

      3b0971360fd04a39cda25e269f27b721b21210e1

    • SHA256

      9fe5e2d2d7ab392aa85d952622be618695ee0789e877638e0d2dba2f075b5c88

    • SHA512

      09527914afe8d94e2b073dd22afcde048003709f607cf0dc6e7494c3d479a21a76343fa7ca158df80e4f391aaced1b4bc6f8addf9e747d6c8c4005036cffc3b0

    • SSDEEP

      49152:DXa1ag7avYKo3K6TgrPitfyblFg4ggnnfrmSQ6Wk0d/8:s+vYKo3K6aitaYGnfrmrqN

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks