General
-
Target
ready (4).apk
-
Size
3.7MB
-
Sample
241031-jd756atgrr
-
MD5
fa6db6a7015ea8e8e96a6ae5dee7f822
-
SHA1
689ce0a63b57915974bc80769a5c5ea136ce020c
-
SHA256
a5cf09df96aa76a68321a8d9f165212161d5ac9cea89d326afdc9df0487c30a6
-
SHA512
5147f5f5bb65a54216bb5e840536a02f22511263d194fa66b0d4cea1d53b45888d62c23f7fa242dfa385d31687aa624cf09ff0aa7218f87426169a1f53446989
-
SSDEEP
98304:+AWzZvVNCInTsPRn4WaamzjzBFT20t8juH8:bW5WIqKVzz9t8
Behavioral task
behavioral1
Sample
ready (4).apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
spynote
193.233.254.67:7777
Targets
-
-
Target
ready (4).apk
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent its removal.
-
Queries information about active data network
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Defense Evasion
Foreground Persistence: 1
Hide Artifacts: 2
Suppress Application Icon: 1
User Evasion: 1
Impair Defenses: 1
Prevent Application Removal: 1
Input Injection: 1
Discovery
Software Discovery: 1
Security Software Discovery: 1
System Network Connections Discovery: 1