General
-
Target
Phone-Poisk (3).apk
-
Size
3.7MB
-
Sample
241031-hpegjstqfq
-
MD5
ffabe5577ea725619071ceca4ec2393a
-
SHA1
8645abbf7d6760f6a0aa6961d18aed5638a1253f
-
SHA256
56a38cc613580ed12ccb2a5a03ad5ca9fae01e0f8175b3a00b31335324309c84
-
SHA512
1bb4a661705ec00a75c36bbb9827d2cbed03bee8e9325ad26aa8939ed2320c902b05623b487b3bfba6f33a0b921bbbdb8c16f08d86169f8820e9995422ccc886
-
SSDEEP
98304:NUXgrCby20QvBMyqBxE1xfx4amzXzB7Tk0toolg33:NN2by2HvHHp4VzBXy3
Malware Config
Extracted
spynote
193.233.254.67:7777
Targets
-
-
Target
Phone-Poisk (3).apk
-
Size
3.7MB
-
MD5
ffabe5577ea725619071ceca4ec2393a
-
SHA1
8645abbf7d6760f6a0aa6961d18aed5638a1253f
-
SHA256
56a38cc613580ed12ccb2a5a03ad5ca9fae01e0f8175b3a00b31335324309c84
-
SHA512
1bb4a661705ec00a75c36bbb9827d2cbed03bee8e9325ad26aa8939ed2320c902b05623b487b3bfba6f33a0b921bbbdb8c16f08d86169f8820e9995422ccc886
-
SSDEEP
98304:NUXgrCby20QvBMyqBxE1xfx4amzXzB7Tk0toolg33:NN2by2HvHHp4VzBXy3
Score7/10-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Defense Evasion
Foreground Persistence
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Discovery
Software Discovery
1Security Software Discovery
1System Network Connections Discovery
1