General

  • Target

    Predator 2.apk

  • Size

    3.7MB

  • Sample

    241119-d95f9azldw

  • MD5

    732b55fe03a3f5e3d69afe5ef525438d

  • SHA1

    bfc3d17e88d86258e8e37cb44c7c2d7082ee49c9

  • SHA256

    a11ae11a5733dd29842ae1d6431c949ecfedfc4c0b10176131d1e8b3942862f5

  • SHA512

    7a2fa9c2bcb47cf2a174d90c2d79caf93ff5e77ea8f624938b74c250c3ea7a88d24bacc953e4c5960817edcf54c5972bff099ca41b1d257bbb39723da7ae6546

  • SSDEEP

    49152:XmjUiEZT53/ng3nxdFdKZHymQgG3f6CmzfzdGGFQTOMKJUxYqL0cgc03yL3LGSk:0REvkRySmxG3SCmzfzBqTD0tc0yW

Malware Config

Extracted

Family

spynote

C2

5.42.92.97:7771

Targets

    • Target

      Predator 2.apk

    • Size

      3.7MB

    • MD5

      732b55fe03a3f5e3d69afe5ef525438d

    • SHA1

      bfc3d17e88d86258e8e37cb44c7c2d7082ee49c9

    • SHA256

      a11ae11a5733dd29842ae1d6431c949ecfedfc4c0b10176131d1e8b3942862f5

    • SHA512

      7a2fa9c2bcb47cf2a174d90c2d79caf93ff5e77ea8f624938b74c250c3ea7a88d24bacc953e4c5960817edcf54c5972bff099ca41b1d257bbb39723da7ae6546

    • SSDEEP

      49152:XmjUiEZT53/ng3nxdFdKZHymQgG3f6CmzfzdGGFQTOMKJUxYqL0cgc03yL3LGSk:0REvkRySmxG3SCmzfzBqTD0tc0yW

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

    • Queries information about active data network

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks