General
-
Target
Porn Hab Premium.apk
-
Size
5.5MB
-
Sample
241030-14epzatlcq
-
MD5
49e8a3bf2928dc8c5406fb7987232ed0
-
SHA1
51c9a283acdc27e45c8952f4b8c3b0f5c2981e4d
-
SHA256
4d8bb1bb46296f968181182372243a0fa2aaea80a4cf82f927922c337f478f32
-
SHA512
626c4cbaac1d5cd4e584b0101570a9b66c53d7dcc3a15506b43235f84e3065aa78e1982079f50fff3a2b921ad2fcc5a0f37d0f10b14e9619c0be4b3c481adb9c
-
SSDEEP
98304:IdoeRbxiuEvTvut0Hrd8+c9o74IoXMErhbEwHqMtBdh8FmzJzB0T20tR2q4:TeRbxBzCaAb8MJ42ozM9w
Malware Config
Extracted
spynote
51.132.229.252:7771
Targets
-
-
Target
Porn Hab Premium.apk
-
Size
5.5MB
-
MD5
49e8a3bf2928dc8c5406fb7987232ed0
-
SHA1
51c9a283acdc27e45c8952f4b8c3b0f5c2981e4d
-
SHA256
4d8bb1bb46296f968181182372243a0fa2aaea80a4cf82f927922c337f478f32
-
SHA512
626c4cbaac1d5cd4e584b0101570a9b66c53d7dcc3a15506b43235f84e3065aa78e1982079f50fff3a2b921ad2fcc5a0f37d0f10b14e9619c0be4b3c481adb9c
-
SSDEEP
98304:IdoeRbxiuEvTvut0Hrd8+c9o74IoXMErhbEwHqMtBdh8FmzJzB0T20tR2q4:TeRbxBzCaAb8MJ42ozM9w
Score7/10-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Foreground Persistence
1Hide Artifacts
1User Evasion
1Input Injection
1