Analysis
-
max time kernel
47s -
max time network
83s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
14-11-2024 18:25
General
-
Target
So2.apk
-
Size
1.5MB
-
MD5
27854fa8fd2cdf893fccc964bb68bfe8
-
SHA1
f104284d5f03ad564ad63ba313c875146271130e
-
SHA256
7d9215824ef31a2d85c9cc1cdf5850483ed8ad8cd28a54028ea653486242423d
-
SHA512
d591864ed48f9b9ac124763ca49d91d89ea036959d0921166f1b5a0ed786fc646bdf4cde7058e66848df88c93ef8cdf4c95e552709e7bdaca62913261c8939f0
-
SSDEEP
24576:48a1a2es2CY6a1a2erjLTsi5WmD9idNph/hJeA5WmD9idNpB:48a1aY2J6a1aXvhWk0d/h5zWk0d/B
Malware Config
Extracted
spynote
go-puppy.gl.at.ply.gg:56337
Signatures
-
Spynote
Spynote is a Remote Access Trojan first seen in 2017.
-
Spynote family
-
Spynote payload 1 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Declares broadcast receivers with permission to handle system events 1 IoCs
-
Declares services with permission to bind to the system 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests dangerous framework permissions 18 IoCs
-
Requests enabling of the accessibility settings. 1 IoCs
-
Tries to add a device administrator. 2 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes
-
cmf0.c3b5bm90zq.patch1⤵
- Makes use of the framework's foreground persistence service
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
- Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
777KB
MD58acc2d3e421e001ad6994e57919ebea8
SHA167ff912d62177157c2a3fd6130fa722714004471
SHA256f0cf462438fee1d63b901abf7c2537a489c13c5c217f93a64c94040a9ecb2b53
SHA512da72d00b302c7fa86489ce807f17fe2c83dba55c2e14819c832ff2ea90623d0b7f2e930f471e1bc7cc18dfae15fe14dd6a9880afd4556fb4b1f300466accedf0
-
Filesize
61B
MD5176247abf2167c7bfa0bbf691dccb371
SHA144b23e99e6d6176a7a02b86e4aad20c822c9e0da
SHA25604d3898f8aade03f86bd12f5ca2cff3216012876ea387cff7a8b5dbab49eb3a3
SHA512fc3b101f9089364b2a6f97d308db99c4905b6800c0ad476d6f440ccb441ff6d8a7644bd6795abd9795669dff87640607e7e831c8e6cc5d608609b8e70e7fd004
-
Filesize
58B
MD56b8a8d17bf214c1a4b45dc090504e2f2
SHA1bf9e9419f655e62f59a549d5c528d0a58fc53e09
SHA2565c91df743c50a35016c51924912588d1dac89b23ceb50b926e0c8f71517ef187
SHA512831031d5b6b6e15261686cb80bc038bd5dd413bbb7efba479aa82b5b3dae2be30df4e45817beda6c7b81a62229b1c7f0b48056634c8683584c9cbaa2f6234fa6
-
Filesize
78B
MD54c9ba041384d96059198c19dd597c2fa
SHA148b87bda3daf257d6914d5e2bad750e29c4cf397
SHA25681040c3179640a546bd9e5fbe3c50f69abd5c108ac24b0f36c4113681c8f2acd
SHA51232a601ae60183515a79a1961f244b47f0bbc8fc5ea8fdc0d90a41e65f7ef7f3c77ade5a64caddca26c9faa49315cdb0387304b7f25c8e57ebf24a926d6d6083b
-
Filesize
83B
MD5159238d08a1beb510bd0c775877156b8
SHA1480d0d55f7b0cb6d1e876408e48e663e37175655
SHA25646e3b9282c57d325dcbeacf5e65eff8cf54162460315aa0a726db5ecc1f545b9
SHA512e7552bfe4a6f00a3f12908b489d6b57f5eb2d4a51982dae2b183dcab8827ca1152608d9a509723c1753422222c98359d1173a5115ad107ddd43f7a5681b70e60
-
Filesize
324B
MD58700d143ca504924abb53304caaa1c79
SHA1d3eac0c5a7e63ddf2b53925c28fa027844e6db93
SHA2560c729f24905dd96c4571678378bd33cf67dd382c33c891690ceccf7182921ef0
SHA512218f6bdf013ba83b857190f604d692da4eafec852a41c8f193acd4b158884a3aaaff699f288697720c94a8c2df90c5f69359cfb429cdf12e2d26d303feaaaa64