General
Target: Predator.apk
Size: 3.8MB
Sample: 241101-gachzaxgjr
MD5: e3692189cb07927d7b91c4fa42f0061e
SHA1: f6656e88b36a0736c818e01770ec1d619ddbc1fb
SHA256: adf03b08cdc41240a67daf86276291f5874773b2f7d0c03c84b176f541a0b81e
SHA512: bc5f755e7e1eaf3cb1dd424f7dd85a851049bd1cea3aeefe97fd9a18f625ae9feafcf6a810cfd5f5b72de60a8a89c651cceaad3127239804e461b2042007a9ac
SSDEEP: 98304:u8P8ErQszcZWkpcARbCN19PyQmzVzBKTo0tVR4Mw:u7yPcZWqcARmNjyvzqTw
Behavioral task: behavioral1
Sample: Predator.apk
Resource: android-x64-arm64-20240624-en
Malware Config
Extracted
spynote
51.132.229.252:7771
Targets
Target
Predator.apk
- Makes use of the framework's Accessibility service: Retrieves information displayed on the phone screen using AccessibilityService.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service: Application may abuse the framework's foreground service to continue running in the foreground.
- Performs UI accessibility actions on behalf of the user: Application may abuse the accessibility service to prevent its removal.
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
MITRE ATT&CK Mobile v15
Defense Evasion
- Foreground Persistence (1)
- Hide Artifacts (1)
- User Evasion (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Input Injection (1)
Discovery
- Software Discovery (1)
- Security Software Discovery (1)
- System Network Connections Discovery (1)