General

  • Target

    client.apk

  • Size

    760KB

  • Sample

    241107-zqa9ysydjn

  • MD5

    7f88e90adbe24dbc137ed4b4bf341bf4

  • SHA1

    7642e800215660dca38706010963efe84e8918d4

  • SHA256

    df614aeface79c259513d736bd030c606c1b152e76936be9daef69e2a01cde86

  • SHA512

    543a8c6c8e7d20e9bf000aa40e54c3dc996deea027b6aa1a6dae95ec8875ed55326b8a56398dc25cc85f2140505fabe6c1a1579e26cde68e340ab5d9d8aebe59

  • SSDEEP

    12288:JfOV7Raa1a8LzeV3gSGHu+5WmpYshXZPbGwidNpgw:Jm+a1ameVLGHu+5WmD9idNpj

Malware Config

Extracted

Family

spynote

C2

ADOLFGITLER-51068.portmap.host:51068

Targets

    • Target

      client.apk

    • Size

      760KB

    • MD5

      7f88e90adbe24dbc137ed4b4bf341bf4

    • SHA1

      7642e800215660dca38706010963efe84e8918d4

    • SHA256

      df614aeface79c259513d736bd030c606c1b152e76936be9daef69e2a01cde86

    • SHA512

      543a8c6c8e7d20e9bf000aa40e54c3dc996deea027b6aa1a6dae95ec8875ed55326b8a56398dc25cc85f2140505fabe6c1a1579e26cde68e340ab5d9d8aebe59

    • SSDEEP

      12288:JfOV7Raa1a8LzeV3gSGHu+5WmpYshXZPbGwidNpgw:Jm+a1ameVLGHu+5WmD9idNpj

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks