General
-
Target
ready_en.apk
-
Size
3.7MB
-
Sample
241031-jrbdcavbkl
-
MD5
7b8b9faf460cdecc9d8f356e783e8854
-
SHA1
6611c3249b43e17688f2a302deb41ff2e926cf63
-
SHA256
54290b92dfac0716366abf1e0326a8680081088ba17746910016a4dcf67bd2ba
-
SHA512
72a6f67ed43ce0ffd4eef083fa8f4a156b7d8c385fde88e2f9616c06df1be26cd30b5e209b4945efee175c9e56823d94bf08ba7aac0157873a79194116f09c66
-
SSDEEP
98304:wQzBYT4mzmI/0tZ9InxuvZXOSJ23CTodwT:MHzmD7Inodv23CTodwT
Behavioral task
behavioral1
Sample
ready_en.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
spynote
193.233.254.67:7777
Targets
-
-
Target
ready_en.apk
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent its removal.
-
Queries information about active data network
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Defense Evasion
Foreground Persistence: 1
Hide Artifacts: 2
Suppress Application Icon: 1
User Evasion: 1
Impair Defenses: 1
Prevent Application Removal: 1
Input Injection: 1
Discovery
Software Discovery: 1
Security Software Discovery: 1
System Network Connections Discovery: 1