spynote | Фоточки[.]apk

General

Target

Фоточки.apk
Size

5.4MB
MD5

d87c5428d2ea1698309431f715227084
SHA1

4ba458a6671ab8830f0e1cb782de386cbc5e388a
SHA256

d8438b05118a01791311dcadd84d429191a9975f9afa8310a4a92ade5a2bc4d2
SHA512

c24dedb312049be82be6189ee638b2b354b16796944b82b7fc263d923b1afc7352658188e3e17f52f75b3caed85764c73c1f721eb7eeaeac6c4813da0aa6a7e7
SSDEEP

98304:aZBgLCrAZMbyDt4QjH2OFo2Ew+Y9883t9qdAY2EUXHbhbuZOf8eepoVP8BHq:Okkc4Qr2OFoZ+32A3ztuZOkeVPgHq

Score

10^/10

spynote

Malware Config

Extracted

Family

spynote

C2

91.214.78.18:7771

Signatures

Spynote family
spynote
Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 3 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards).	android.permission.BIND_INPUT_METHOD

Requests dangerous framework permissions 1 IoCs

description	ioc
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES

Files

Фоточки.apk
.apk android

jqzlto.nuhkrf.uehkxv

net.collez.never.b

Activities

net.collez.never.b

android.intent.action.MAIN

net.collez.never.a

com.example.tiramisudropper.SESSION_API_PACKAGE_INSTALLED

Permissions

android.permission.REQUEST_INSTALL_PACKAGES
jqzlto.nuhkrf.uehkxv.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
lariska.apk
.apk android

trace.editorial.georgia

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.numnoyutbhncvbqkrohuviahfyrunsrsmknmlbxrycrvsresii31

Activities

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.numnoyutbhncvbqkrohuviahfyrunsrsmknmlbxrycrvsresii31

android.intent.action.CHOOSER
android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED
com.ui.OnAlarmReceiver.ACTION_WIDGET_RECEIVER
com.android.vending.billing.InAppBillingService.COIN
com.android.vending.billing.InAppBillingService.COIO
com.android.vending.billing.InAppBillingService.LUCM
com.android.vending.billing.InAppBillingService.PROX
ir.cafebazaar.pardakht.InAppBillingService.BIND
ru.aaaaaaax.installer
com.nokia.payment.iapenabler.InAppBillingService.BIND
com.android.vending.billing.InAppBillingService.INST

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.mousnkzpvyfageuglwrxdijzjxwyozhnmwiskugnnniayvpwvt14_CA

trace.editorial.georgia.xyz

Permissions

android.permission.SEND_SMS
android.permission.SET_WALLPAPER
android.permission.READ_SMS
android.permission.READ_CALL_LOG
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.CALL_PHONE
android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
oppo.permission.OPPO_COMPONENT_SAFE
oplus.permission.OPLUS_COMPONENT_SAFE
com.huawei.permission.external_app_settings.USE_COMPONENT
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT

Receivers

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.zbydgflwxxjlsefovxdrtaejavahekkrjavxlkfvunylrfwwfd5.SRxqcsduolylbqtburqkjwjnircilvuxlshrfdyayjeykdkmhabn74B

trace.editorial.georgia.RestartSensor

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.zbydgflwxxjlsefovxdrtaejavahekkrjavxlkfvunylrfwwfd5.xqcsduolylbqtburqkjwjnircilvuxlshrfdyayjeykdkmhabn7

android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.REBOOT
android.intent.action.LOCKED_BOOT_COMPLETED
miui.intent.action.BOOT_COMPLETEDT

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.zbydgflwxxjlsefovxdrtaejavahekkrjavxlkfvunylrfwwfd5.mousnkzpvyfageuglwrxdijzjxwyozhnmwiskugnnniayvpwvt14_RC

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED
android.intent.action.MY_PACKAGE_REPLACED

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.zbydgflwxxjlsefovxdrtaejavahekkrjavxlkfvunylrfwwfd5.xqcsduolylbqtburqkjwjnircilvuxlshrfdyayjeykdkmhabn74

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.USER_PRESENT

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.zbydgflwxxjlsefovxdrtaejavahekkrjavxlkfvunylrfwwfd5.datexqcsduolylbqtburqkjwjnircilvuxlshrfdyayjeykdkmhabn7rec

android.intent.action.DATE_CHANGED

trace.editorial.xqcsduolylbqtburqkjwjnircilvuxlshrfdyayjeykdkmhabn7_AR

android.app.action.DEVICE_ADMIN_ENABLED

Services

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.ovvdzygfoejhjcxybtewonzogkzkejsvudfumwpuvzxnylzguc3.xqcsduolylbqtburqkjwjnircilvuxlshrfdyayjeykdkmhabn72

android.accessibilityservice.AccessibilityService

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.ovvdzygfoejhjcxybtewonzogkzkejsvudfumwpuvzxnylzguc3.Vpnxqcsduolylbqtburqkjwjnircilvuxlshrfdyayjeykdkmhabn71Service

android.net.VpnService

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.ovvdzygfoejhjcxybtewonzogkzkejsvudfumwpuvzxnylzguc3.Scujejpcixacdkdcfswjxlbmmhmvdrhcoelgwygefizhczfmehl6IME

android.view.InputMethod

Android Permissions

Фоточки.apk

Permissions

android.permission.REQUEST_INSTALL_PACKAGES

jqzlto.nuhkrf.uehkxv.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Sharing

General

Malware Config

Extracted

Signatures

Files

jqzlto.nuhkrf.uehkxv

net.collez.never.b

Activities

net.collez.never.b

net.collez.never.a

Permissions

trace.editorial.georgia

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.numnoyutbhncvbqkrohuviahfyrunsrsmknmlbxrycrvsresii31

Activities

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.numnoyutbhncvbqkrohuviahfyrunsrsmknmlbxrycrvsresii31

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.mousnkzpvyfageuglwrxdijzjxwyozhnmwiskugnnniayvpwvt14_CA

Permissions

Receivers

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.zbydgflwxxjlsefovxdrtaejavahekkrjavxlkfvunylrfwwfd5.SRxqcsduolylbqtburqkjwjnircilvuxlshrfdyayjeykdkmhabn74B

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.zbydgflwxxjlsefovxdrtaejavahekkrjavxlkfvunylrfwwfd5.xqcsduolylbqtburqkjwjnircilvuxlshrfdyayjeykdkmhabn7

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.zbydgflwxxjlsefovxdrtaejavahekkrjavxlkfvunylrfwwfd5.mousnkzpvyfageuglwrxdijzjxwyozhnmwiskugnnniayvpwvt14_RC

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.zbydgflwxxjlsefovxdrtaejavahekkrjavxlkfvunylrfwwfd5.xqcsduolylbqtburqkjwjnircilvuxlshrfdyayjeykdkmhabn74

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.zbydgflwxxjlsefovxdrtaejavahekkrjavxlkfvunylrfwwfd5.datexqcsduolylbqtburqkjwjnircilvuxlshrfdyayjeykdkmhabn7rec

trace.editorial.xqcsduolylbqtburqkjwjnircilvuxlshrfdyayjeykdkmhabn7_AR

Services

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.ovvdzygfoejhjcxybtewonzogkzkejsvudfumwpuvzxnylzguc3.xqcsduolylbqtburqkjwjnircilvuxlshrfdyayjeykdkmhabn72

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.ovvdzygfoejhjcxybtewonzogkzkejsvudfumwpuvzxnylzguc3.Vpnxqcsduolylbqtburqkjwjnircilvuxlshrfdyayjeykdkmhabn71Service

trace.editorial.hfyxfwtanfkayywtkadsupisewcmdcxdtzrpgslrhikolvlkzq2.ovvdzygfoejhjcxybtewonzogkzkejsvudfumwpuvzxnylzguc3.Scujejpcixacdkdcfswjxlbmmhmvdrhcoelgwygefizhczfmehl6IME

Android Permissions

Фоточки.apk