General

  • Target

    GeoGebra 3.apk

  • Size

    18.2MB

  • Sample

    241101-ha76baxhpc

  • MD5

    698f82319c010c941667a1d96c128030

  • SHA1

    e936e30128876cd5e2561b547a68d379f9f45e38

  • SHA256

    e94ae5b644031839e8d88d4331e39751e4de258f2a62bfc4807392cc49a5e166

  • SHA512

    76623d9f767b8e6d94ef1bd3ed82f02be23cf25c028b1715c61195a9079268ccf9d01cdd695e8602e45be3af3ebf19c57c89afa09b20ccd22c8a1b7053b22d34

  • SSDEEP

    393216:bdBwEl5BYwJwhLTvSXUvpYsq3isyHkUkyr795YM3ixSSXHPRl6vIbaQwwHnT9:7JwtSXUvesqyTro4i5LbaQww5

Malware Config

Extracted

Family

spynote

C2

5.42.92.97:7771

Targets

    • Target

      GeoGebra 3.apk

    • Size

      18.2MB

    • MD5

      698f82319c010c941667a1d96c128030

    • SHA1

      e936e30128876cd5e2561b547a68d379f9f45e38

    • SHA256

      e94ae5b644031839e8d88d4331e39751e4de258f2a62bfc4807392cc49a5e166

    • SHA512

      76623d9f767b8e6d94ef1bd3ed82f02be23cf25c028b1715c61195a9079268ccf9d01cdd695e8602e45be3af3ebf19c57c89afa09b20ccd22c8a1b7053b22d34

    • SSDEEP

      393216:bdBwEl5BYwJwhLTvSXUvpYsq3isyHkUkyr795YM3ixSSXHPRl6vIbaQwwHnT9:7JwtSXUvesqyTro4i5LbaQww5

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Queries information about active data network

MITRE ATT&CK Mobile v15

Tasks