General

  • Target

    dcbb56431f160fbab1043d07538051b8d89ac24d96baa1dcf6adff012bab82d5.bin

  • Size

    760KB

  • Sample

    241026-1zz54s1ark

  • MD5

    2ed8e0604946741da8ed586836bf0a61

  • SHA1

    1ac616b38bebfe50fa6f8dcdb20b6f6bb98e1ff0

  • SHA256

    dcbb56431f160fbab1043d07538051b8d89ac24d96baa1dcf6adff012bab82d5

  • SHA512

    476734fe37143ca22925bc53690be223de6c89fce733f54421b4789552ac7d1b7197df663efc589739aeb7f20dfe1e1ded55d0ae80928c7f27ef3913a43e7ea3

  • SSDEEP

    12288:CPtIbRWa1a8LdeAr6DatTv5WmpYshXZPbGwidNpg6:CPza1a6eA4atTv5WmD9idNpB

Malware Config

Extracted

Family

spynote

C2

0.tcp.ngrok.io:14051

The C2 is an ngrok TCP tunnel endpoint: the operator's real host sits behind ngrok's relay, and the port can change each time the tunnel is re-created, so this host:port pair is a short-lived indicator. The *.tcp.ngrok.io hostname family is the more durable thing to hunt for in DNS and flow logs.
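The following Python is an added example written for this page; it is not part of the Triage report or of the SpyNote sample. It holds the hashes and C2 from the report as an IOC record, verifies a file's MD5/SHA1/SHA256/SHA512 against that record, and scans log lines for the ngrok C2. The ngrok hostname pattern (N.tcp[.region].ngrok.io) and the flow/DNS log format are assumptions; the log lines are constructed for the demo.

```python
"""Added example (not from the Triage report): match the report's sample hashes
and SpyNote ngrok C2 against a local file and against log lines."""
import hashlib
import re

# IOC record copied from the report above.
IOC = {
    "md5": "2ed8e0604946741da8ed586836bf0a61",
    "sha1": "1ac616b38bebfe50fa6f8dcdb20b6f6bb98e1ff0",
    "sha256": "dcbb56431f160fbab1043d07538051b8d89ac24d96baa1dcf6adff012bab82d5",
    "sha512": "476734fe37143ca22925bc53690be223de6c89fce733f54421b4789552ac7d1b"
              "7197df663efc589739aeb7f20dfe1e1ded55d0ae80928c7f27ef3913a43e7ea3",
    "c2_host": "0.tcp.ngrok.io",
    "c2_port": 14051,
}
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def file_hashes(data: bytes) -> dict:
    """Digest a file's bytes with the four algorithms the report lists (lower-case hex)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def match_sample(data: bytes, ioc: dict = IOC) -> dict:
    """Compare each digest with the record; only all-True is a confirmed match."""
    digests = file_hashes(data)
    return {algo: digests[algo] == ioc[algo].lower() for algo in HASH_ALGOS}


# Assumed ngrok TCP tunnel naming: N.tcp[.region].ngrok.io (e.g. 0.tcp.ngrok.io,
# 4.tcp.eu.ngrok.io). The port is optional so DNS-only records still match.
NGROK_TCP_RE = re.compile(
    r"\b(\d+\.tcp(?:\.[a-z0-9-]+)?\.ngrok\.io)\b(?::(\d+))?", re.IGNORECASE
)


def scan_log(lines, ioc: dict = IOC) -> dict:
    """Return 1-based line numbers. 'confirmed' = the exact C2 host:port from the
    report; 'suspicious' = that host without the port, or any other ngrok TCP tunnel."""
    hits = {"confirmed": [], "suspicious": []}
    for lineno, line in enumerate(lines, start=1):
        for host, port in NGROK_TCP_RE.findall(line):
            exact_host = host.lower() == ioc["c2_host"]
            if exact_host and port and int(port) == ioc["c2_port"]:
                hits["confirmed"].append(lineno)
            else:
                hits["suspicious"].append(lineno)
            break  # one verdict per line
    return hits


# Constructed flow/DNS log lines for the demo (not from the report or any real capture).
SAMPLE_LOG = [
    "2024-10-26T10:02:11Z app=com.example.viewer dst=0.tcp.ngrok.io:14051 proto=tcp bytes=2310",
    "2024-10-26T10:02:19Z app=com.example.viewer dst=4.tcp.eu.ngrok.io:18822 proto=tcp bytes=880",
    "2024-10-26T10:02:25Z app=com.android.chrome dst=www.example.com:443 proto=tcp bytes=51200",
    "2024-10-26T10:03:00Z dns query=0.tcp.ngrok.io type=A rcode=NOERROR",
]


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # optional: path to a file to check against the record
        with open(sys.argv[1], "rb") as fh:
            print(match_sample(fh.read()))
    print(scan_log(SAMPLE_LOG))
```

Run with the sample's path as the only argument to check a local copy against the record; without arguments it scans the constructed log and reports line 1 as a confirmed C2 hit and lines 2 and 4 as suspicious ngrok tunnel traffic. Note that a partial hash match (say MD5 equal, SHA256 not) should be treated as a mismatch, which is why match_sample reports every algorithm rather than a single boolean.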

Targets

    • Target

      dcbb56431f160fbab1043d07538051b8d89ac24d96baa1dcf6adff012bab82d5.bin

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      The application may abuse an Android foreground service to keep running with foreground priority, which protects it from being killed by the system when it is not visible.

MITRE ATT&CK Mobile v15

Tasks