General
-
Target
Porn Hub Premium.apk
-
Size
5.5MB
-
Sample
241030-176mvsscpe
-
MD5
ca5829c89ba101b447f7c99b0fea784b
-
SHA1
c57968863f8a882d18554d613d0afa29c52e5123
-
SHA256
bf1de121cca70ee568a3c446049bbb547f09273579c58b0c30ec837d06f8209b
-
SHA512
a7eafeb082b74888f24d29906a2cd20a7c8c82738b1e846738b4cb3e533e0afafcc01216c1e9f1d6e82908dac4d34eaf35f1aecee75aff2ddf514b87a74f51c2
-
SSDEEP
98304:a4KNbkyi02grv5x7+SKT8hrhpxwmzhzBaTa0tGvbB:KN7i0rlYTAFpxPzG56
Malware Config
Extracted
spynote
51.132.229.252:7771
Targets
-
-
Target
Porn Hub Premium.apk
-
Size
5.5MB
-
MD5
ca5829c89ba101b447f7c99b0fea784b
-
SHA1
c57968863f8a882d18554d613d0afa29c52e5123
-
SHA256
bf1de121cca70ee568a3c446049bbb547f09273579c58b0c30ec837d06f8209b
-
SHA512
a7eafeb082b74888f24d29906a2cd20a7c8c82738b1e846738b4cb3e533e0afafcc01216c1e9f1d6e82908dac4d34eaf35f1aecee75aff2ddf514b87a74f51c2
-
SSDEEP
98304:a4KNbkyi02grv5x7+SKT8hrhpxwmzhzBaTa0tGvbB:KN7i0rlYTAFpxPzG56
Score7/10-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Requests enabling of the accessibility settings.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Foreground Persistence
1Hide Artifacts
1User Evasion
1Input Injection
1