spynote | 16d6b92f9fa059d00f6abaed169624150f487bc48565f579c5fa008d2741f99c

General

Target

VideoChat.apk
Size

6.7MB
Sample

241115-2pt2sathmn
MD5

ddea156a78c18fe8f2ba93001433772a
SHA1

d2e9cbcc4805a7bc0d10558c09e2cd67439bce1f
SHA256

16d6b92f9fa059d00f6abaed169624150f487bc48565f579c5fa008d2741f99c
SHA512

010b9e55dd72bd215a2f3a85bd08c96b24b6fc9eb3bb8e69114162f0fb478857fdbd59525735d689dd3308f5eec1f5f93b9e0acd6460d2fef1540fafba7a06dc
SSDEEP

98304:Z7PEVZqy+mH6MHW5x6OeRukQf0dKtzwEUmxXF3z0on7eYkdv9eDLzMPpk61kKeEc:Z7ESiNOe4kQf7w9mxtxC3OLzMP02k

Score

10^/10

Malware Config

Targets

- Target
  
  VideoChat.apk
- Size
  
  6.7MB
- MD5
  
  ddea156a78c18fe8f2ba93001433772a
- SHA1
  
  d2e9cbcc4805a7bc0d10558c09e2cd67439bce1f
- SHA256
  
  16d6b92f9fa059d00f6abaed169624150f487bc48565f579c5fa008d2741f99c
- SHA512
  
  010b9e55dd72bd215a2f3a85bd08c96b24b6fc9eb3bb8e69114162f0fb478857fdbd59525735d689dd3308f5eec1f5f93b9e0acd6460d2fef1540fafba7a06dc
- SSDEEP
  
  98304:Z7PEVZqy+mH6MHW5x6OeRukQf0dKtzwEUmxXF3z0on7eYkdv9eDLzMPpk61kKeEc:Z7ESiNOe4kQf7w9mxtxC3OLzMP02k
Score

4^/10

persistence
behavioral1 behavioral2 behavioral3
- Target
  
  childapp.apk
- Size
  
  5.8MB
- MD5
  
  c52aac69466c7c55c39ca432695962d2
- SHA1
  
  53c6da2cb3b1c5581812d4e02463503778f13b9b
- SHA256
  
  90429e70171a98c25db0ae3e1821a7da772a8f109f2d9add9cfdc5d010844a93
- SHA512
  
  d46c46fd646fed8e8e4cf1788f5352a5846ec977ba1b06c176adc68954b6bf3573948a0b0e8da881234afa0e1f77ef2a41451bfaad4441003ab0fc801f4926e7
- SSDEEP
  
  98304:LW6KpWzryYitzeh3LkG3F4mWQgGnKcmzQaLEGXd6zBRwD0mW37vK69:LmntCJIG3iQg8KLzQaLEG+J7C+
Score

7^/10

banker collection credential_access discovery evasion execution persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral4 behavioral5 behavioral6