General
-
Target
Zoom.apk
-
Size
8.5MB
-
Sample
241119-qzkqbaxdnk
-
MD5
455353e1db3c8b05b7de3e5554117147
-
SHA1
a25c0536ccbb3409f0b8e00779b93e8f83c9e151
-
SHA256
fd948ea17227838530868c85af562df89b867865486dfb2f5ea8d260a3349367
-
SHA512
f0e42915093a9ea4e61dae91278e516327fc0495d488741e3d079dda63233b18b78600f62286e0be288d28ffa1c34deefca7329ada53c46c21998ccadf62ae29
-
SSDEEP
98304:iGzBR5TA0tnmzlamXfAgg9YGtZCsIXxYQus:RhrmzLYggTjCsIXxYls
Behavioral task
behavioral1
Sample
Zoom.apk
Resource
android-33-x64-arm64-20240624-en
Malware Config
Extracted
spynote
87.120.117.136:7771
Targets
-
-
Target
Zoom.apk
-
Size
8.5MB
-
MD5
455353e1db3c8b05b7de3e5554117147
-
SHA1
a25c0536ccbb3409f0b8e00779b93e8f83c9e151
-
SHA256
fd948ea17227838530868c85af562df89b867865486dfb2f5ea8d260a3349367
-
SHA512
f0e42915093a9ea4e61dae91278e516327fc0495d488741e3d079dda63233b18b78600f62286e0be288d28ffa1c34deefca7329ada53c46c21998ccadf62ae29
-
SSDEEP
98304:iGzBR5TA0tnmzlamXfAgg9YGtZCsIXxYQus:RhrmzLYggTjCsIXxYls
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1