Overview

Score  Sample            Platform
10     Static            static
6      ceксуа...и.apk    windows7-x64
3      ceксуа...и.apk    windows10-2004-x64
3      ceксуа...и.apk    windows10-ltsc 2021-x64
3      ceксуа...и.apk    windows11-21h2-x64
3      ceксуа...и.apk    android-10-x64
10     ceксуа...и.apk    android-11-x64
1      ceксуа...и.apk    android-13-x64
10     ceксуа...и.apk    android-9-x86
10     ceксуа...и.apk    macos-10.15-amd64
4      ceксуа...и.apk    debian-12-armhf
       ceксуа...и.apk    debian-12-mipsel
       ceксуа...и.apk    debian-9-armhf
       ceксуа...и.apk    debian-9-mips
       ceксуа...и.apk    debian-9-mipsel
       ceксуа...и.apk    ubuntu-18.04-amd64
       ceксуа...и.apk    ubuntu-20.04-amd64
       ceксуа...и.apk    ubuntu-22.04-amd64
       ceксуа...и.apk    ubuntu-24.04-amd64
Analysis

max time kernel: 149s
max time network: 157s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 11-11-2024 17:13
Static task: static1

Behavioral tasks (sample for every task: ceксуальные фоточки.apk)

Task          Resource
behavioral1   win7-20240708-en
behavioral2   win10v2004-20241007-en
behavioral3   win10ltsc2021-20241023-en
behavioral4   win11-20241007-en
behavioral5   android-x64-20240624-en
behavioral6   android-x64-arm64-20240624-en
behavioral7   android-33-x64-arm64-20240624-en
behavioral8   android-x86-arm-20240624-en
behavioral9   macos-20241106-en
behavioral10  debian12-armhf-20240221-en
behavioral11  debian12-mipsel-20240221-en
behavioral12  debian9-armhf-20240418-en
behavioral13  debian9-mipsbe-20240611-en
behavioral14  debian9-mipsel-20240729-en
behavioral15  ubuntu1804-amd64-20240611-en
behavioral16  ubuntu2004-amd64-20240611-en
behavioral17  ubuntu2204-amd64-20240611-en
behavioral18  ubuntu2404-amd64-20240523-en
General

Target: ceксуальные фоточки.apk
Size: 4.3MB
MD5: 91eaf17f7c0bd30a940ba59bdce10f0d
SHA1: dfeb11ecfeb42f1e6b5e579189d419973e2b3ac6
SHA256: 0fefe74d649c4a9026762b125c3a9bf9d9b81397f098897bf40e7198b22ad147
SHA512: c554a391099c6ba0e22b50a5fd6e7833bfd33888fdec9913772765a1bd7682bd2eb98d114bb1a4d3139379f37c10b72b192e685b486c1ccdcfac5a494e957c76
SSDEEP: 98304:KQgmulr7nfBWdyVcbfAArBFOf/5SGMvvT4FPG+:0R7fBWdOcbBBFOf/0GMvvS
Signatures

Spynote
Spynote is a Remote Access Trojan first seen in 2017.

Spynote family

Spynote payload (1 IoCs)
Processes:
  resource                         yara_rule
  behavioral7/files/fstream-1.dat  family_spynote

Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
  ioc                                                                            pid   Process
  /data/user/0/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml  4347  highs.isolated.onto

Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
  description             ioc                                                                                                    Process
  Framework service call  android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId  highs.isolated.onto

Acquires the wake lock (1 IoCs)
Processes:
  description             ioc                                       Process
  Framework service call  android.os.IPowerManager.acquireWakeLock  highs.isolated.onto

Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 3 IoCs)
Processes:
  flow  ioc
  18    8.tcp.eu.ngrok.io
  101   8.tcp.eu.ngrok.io
  168   8.tcp.eu.ngrok.io

Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
  description             ioc                                                Process
  Framework service call  android.app.IActivityManager.setServiceForeground  highs.isolated.onto

Requests enabling of the accessibility settings (1 IoCs)
Processes:
  description    ioc                                       Process
  Intent action  android.settings.ACCESSIBILITY_SETTINGS   highs.isolated.onto

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
  description             ioc                                     Process
  Framework service call  android.app.job.IJobScheduler.schedule  highs.isolated.onto
Downloads

Filesize: 5.1MB
MD5: 9121fe8b27e2555f7bd0a0d98a87f5c9
SHA1: a89092cf8c5ba5fe4588795b43a7ab4ba624e26a
SHA256: fa2f7427bb06bb32ce75a641317aff06215ee1ee729fb533e3185eb6fd039e4f
SHA512: ad17edfba4efa19e5dc2a12bde7dddd422001bb563235eb90109dc309de09bec72879398eb9f8e42fae2a3a285035bbf03ca2e1709fdff14c3ee740c640ac66e

Filesize: 13B
MD5: de2c41a51ee9246eb1708f65b511add0
SHA1: 2f442d634c8a18760a232c8829d4b5d74a52f074
SHA256: ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab
SHA512: 7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

Filesize: 53B
MD5: d02434b5bafa95a4f5cf759bc2874d00
SHA1: 64ea5089fd67106636ae5080cd19fca1dc2ff6d4
SHA256: 41f7fb0bda7cf332ff0a6970eaf5bee5a37ef17062436a07b734b66c32ea3c4a
SHA512: cb79a158c6fc092ec9a1fb8a6225c75dc93aa0eab8e42ab8fd1bad78eac3584f247841d832d941a3c1c22b761532a83631794fcf3fbd44f391802f15128f2b9c

Filesize: 61B
MD5: 2f11c0f171c486b5348081d9aed35aa5
SHA1: fff6ea893cb148c73786e2f9ed58a00eae0edea3
SHA256: e1b6daedf9f44bac415663ad6ed5dd676f8017572bbd39fd614f8260ef1a8926
SHA512: 905393eb96baf84165e4abf66fac80f8d74b366ca900928becefad900e71844ab4e17dcdb4c8093fbcb47a21ebf98f1b38f341e918a25bff7909a037445f2021

Filesize: 90B
MD5: 12addd9a71435a3969cacfd169ce8bf3
SHA1: 20c0f94730a4b3b8a27bd184f3b09be5cfbf5263
SHA256: 202caf0697a956a5b984e2655d425531b86697bd769155ae48f71423235c24eb
SHA512: 10d6706506598cf2663c2ec9de6902eda359f88084469dca6c3fc92264d014d280164bff6bb8423ac2d1a50fce24514c30943d6f9280870d561ce51bad1c99ff