General
-
Target
3fc11ae24cf26f5e4a23edf964d3c1e7467b8809b1bbdb484d27e3d28fcb6f03.bin
-
Size
760KB
-
Sample
241115-1zl89atbme
-
MD5
163b0df145139b3e93d497b12128b0c9
-
SHA1
a50970fc25fc6a1285cf096e0241c2fa51a3eb60
-
SHA256
3fc11ae24cf26f5e4a23edf964d3c1e7467b8809b1bbdb484d27e3d28fcb6f03
-
SHA512
ba5a3771b367b68595140870b704cfe1c126b7d067fd448f8ac2a4a5fb7c96a0c443f62195b5a4b6468cb5a4e3eaa5fabbc5ff0c4188fab4a8e26dd8c977eeca
-
SSDEEP
12288:BpxcIpa1a8Lze0LWf2GZHD5WmpYshXZPbGwidNpgi0:BXTa1ame0w2GZHD5WmD9idNpK
Malware Config
Extracted
spynote
192.168.1.132:2222
Targets
-
-
Target
3fc11ae24cf26f5e4a23edf964d3c1e7467b8809b1bbdb484d27e3d28fcb6f03.bin
-
Size
760KB
-
MD5
163b0df145139b3e93d497b12128b0c9
-
SHA1
a50970fc25fc6a1285cf096e0241c2fa51a3eb60
-
SHA256
3fc11ae24cf26f5e4a23edf964d3c1e7467b8809b1bbdb484d27e3d28fcb6f03
-
SHA512
ba5a3771b367b68595140870b704cfe1c126b7d067fd448f8ac2a4a5fb7c96a0c443f62195b5a4b6468cb5a4e3eaa5fabbc5ff0c4188fab4a8e26dd8c977eeca
-
SSDEEP
12288:BpxcIpa1a8Lze0LWf2GZHD5WmpYshXZPbGwidNpgi0:BXTa1ame0w2GZHD5WmD9idNpK
Score7/10-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-
Tries to add a device administrator.
-