spymax | sc[.]apk

General

Target

sc.apk
Size

57KB
MD5

84a4ea52408081ce169cf4b15a8197ac
SHA1

cf9ac5c4b6065b885fa57e0bd5d3561b0674c0a3
SHA256

90d7600757bfab0f166b86b20b93b287b8184ebc93395557cc60ed959c0e0550
SHA512

3ab2fefd309465ba3ed192d1ef69b2421d700dae7f9a7f57c3b9140fc8fa856da5be213752b33aa9c218405a71a78330981e29fc02a19af6becc0775adf29236
SSDEEP

768:tBGtu9mcqD69o9OAo/i3KJ3yDpA0bGAatOQTk8CNXmpwmaSRY3buXisgEDUtkwnn:M/3bulwFIcElPSYQM2rrtpKtt/Z4VE2J

Score

10^/10

spymax

Malware Config

Extracted

Family

spymax

C2

[SPY_MAX_IP]:[SPY_MAX_PORT]

Signatures

Spymax family
spymax

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 5 IoCs

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

Files

sc.apk
.apk android

spymax.stub7.suffix

spymax.stub7.ClassGen9

Activities

spymax.stub7.ClassGen9

android.intent.action.MAIN

Permissions

android.permission.WRITE_SETTINGS
android.permission.WRITE_SECURE_SETTINGS
android.permission.FOREGROUND_SERVICE
android.permission.READ_SMS
android.permission.GET_ACCOUNTS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
com.oppo.launcher.permission.READ_SETTINGS
android.permission.KILL_BACKGROUND_PROCESSES

Receivers

spymax.stub7.ClassGen1

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON

spymax.stub7.ClassGen14

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.Intent.ACTION_USER_PRESENT

Services

spymax.stub7.ClassGen12

android.accessibilityservice.AccessibilityService

Android Permissions

sc.apk

Permissions

android.permission.WRITE_SETTINGS

android.permission.WRITE_SECURE_SETTINGS

android.permission.FOREGROUND_SERVICE

android.permission.READ_SMS

android.permission.GET_ACCOUNTS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.INTERNET

android.permission.SYSTEM_ALERT_WINDOW

android.permission.READ_PHONE_STATE

android.permission.WAKE_LOCK

com.android.alarm.permission.SET_ALARM

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_WIFI_STATE

com.oppo.launcher.permission.READ_SETTINGS

android.permission.KILL_BACKGROUND_PROCESSES

Sharing

General

Malware Config

Extracted

Signatures

Files

spymax.stub7.suffix

spymax.stub7.ClassGen9

Activities

spymax.stub7.ClassGen9

Permissions

Receivers

spymax.stub7.ClassGen1

spymax.stub7.ClassGen14

Services

spymax.stub7.ClassGen12

Android Permissions

sc.apk