General
-
Target
ready (3).apk
-
Size
3.7MB
-
Sample
241031-h8abyavmaq
-
MD5
4118b47fd298da7aa3fe1de85797b5fd
-
SHA1
2d3c69ce917756d6e1e27cabc44648d401aeffe9
-
SHA256
a34c41ef70c23ab8e474ab940ff369971aa4538f7fe6a9f7e2ecc7c7ae4c329e
-
SHA512
2f0adc12d64ddc3fbe29968b275c750697d2009bcf5bf3101d696ba806cc07816701c8004adca367d62ad02b3dd5398db9a9b6b137e7c559202538e1273a1a05
-
SSDEEP
98304:rVpx3/LBRqCrFFJ8yB2oU6mz/zBjTI0twvWFl:JpRvqCXJVQoU1zZzh
Behavioral task
behavioral1
Sample
ready (3).apk
Resource
android-x64-arm64-20240910-en
Malware Config
Extracted
spynote
109.107.182.213:7771
Targets
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent its removal.
-
Queries information about active data network
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Defense Evasion
Foreground Persistence (1)
Hide Artifacts (1)
User Evasion (1)
Impair Defenses (1)
Prevent Application Removal (1)
Input Injection (1)
Discovery
Software Discovery (1)
Security Software Discovery (1)
System Network Connections Discovery (1)