General
-
Target
Predator..apk
-
Size
5.4MB
-
Sample
241030-246zwstamb
-
MD5
1d6981826bf25d9bbe4e4ff2a5954df0
-
SHA1
23237c1b3a0cd807a958c5e600a54e18ea60abb5
-
SHA256
41020ab0991a8cb17d6be95e80b96ea65e5694b128ef807b223305bef779e56e
-
SHA512
f148a4ee83152a22cb7cb73563294763d12de2d040085fdc4d366404abe5a828f6af230d78d78acee0f1f7a897919928378d183059ff240c2b069607563f4e57
-
SSDEEP
98304:NZySOqmzlTS0tAzBLdblZQ/0/goHgQ2edJFA8C6ZTqNNB8KMgQZ/g0rvNE:NTuzlRboHgQDd3+
Static task
static1
Behavioral task
behavioral1
Sample
Predator..apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
Predator..apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
Predator..apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
spynote
89.238.177.28:7744
Targets
-
-
Target
Predator..apk
-
Size
5.4MB
-
MD5
1d6981826bf25d9bbe4e4ff2a5954df0
-
SHA1
23237c1b3a0cd807a958c5e600a54e18ea60abb5
-
SHA256
41020ab0991a8cb17d6be95e80b96ea65e5694b128ef807b223305bef779e56e
-
SHA512
f148a4ee83152a22cb7cb73563294763d12de2d040085fdc4d366404abe5a828f6af230d78d78acee0f1f7a897919928378d183059ff240c2b069607563f4e57
-
SSDEEP
98304:NZySOqmzlTS0tAzBLdblZQ/0/goHgQ2edJFA8C6ZTqNNB8KMgQZ/g0rvNE:NTuzlRboHgQDd3+
-
Spynote family
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1