Analysis
-
max time kernel
149s -
max time network
160s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system -
submitted
23-11-2024 01:20
Static task
static1
Behavioral task
behavioral1
Sample
голые фото.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral2
Sample
голые фото.apk
Resource
android-33-x64-arm64-20240624-en
General
-
Target
голые фото.apk
-
Size
4.2MB
-
MD5
d3c9ff78acd0d1852fa2431aa735b4bb
-
SHA1
1630b2dbbdc42c6c9bdf18ab8a062c946cd4b762
-
SHA256
d9092bf5bfa631044fd1392fdf988ac5e5dffa2384202d6e7f6e6760fc5dde0b
-
SHA512
419a529305403ea80fafa344db6b48dc02423dcf2c08d1d8b62e699f69e7dc635c8b8770ca4af1277db39e81bc40e0b4cf00aa22b53b4fc9a0d58cb45658e8ca
-
SSDEEP
98304:yKukrQKBHMmuLd2QLuBnGOSyMwBqIGRoorkGT:tQKBHMmuLd2QegRoorh
Malware Config
Signatures
-
Spynote
Spynote is a Remote Access Trojan first seen in 2017.
-
Spynote family
-
Spynote payload 1 IoCs
Processes:
resource yara_rule /data/user/0/cet.syndrome.springfield/app_mph_dex/apk.crazy-v1.AndroidManifest.xml family_spynote -
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
Processes:
cet.syndrome.springfieldioc pid process /data/user/0/cet.syndrome.springfield/app_mph_dex/apk.crazy-v1.AndroidManifest.xml 4445 cet.syndrome.springfield /data/user/0/cet.syndrome.springfield/app_mph_dex/apk.crazy-v1.AndroidManifest.xml 4445 cet.syndrome.springfield -
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
cet.syndrome.springfielddescription ioc process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId cet.syndrome.springfield -
Acquires the wake lock 1 IoCs
Processes:
cet.syndrome.springfielddescription ioc process Framework service call android.os.IPowerManager.acquireWakeLock cet.syndrome.springfield -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
cet.syndrome.springfielddescription ioc process Framework service call android.app.IActivityManager.setServiceForeground cet.syndrome.springfield -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
cet.syndrome.springfielddescription ioc process Framework service call android.app.job.IJobScheduler.schedule cet.syndrome.springfield
Processes
Network
MITRE ATT&CK Enterprise v15
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.1MB
MD523e84a23dbe7b2cef8604967af63544e
SHA106d9fd8f5e00541bee5ebb54f7c077cb85bd5ce3
SHA256c717af7452d721a9aae9c524123d0dd6b3f868b6cc728b1e8dfeea0e16f67393
SHA5128e1edaa52757a978fad0b70a5f557b3d960dcd2cfbc054e6706a275350aefd1159c9d5845fb12c87f5d5a7697d4c0a84379cad6513a5be80e314a69c7f37d490
-
Filesize
33B
MD5021f287551cfa5a3000feb5752856a0e
SHA10c6f8daee3ab8649f329eea922561f2c0a48dc2b
SHA25616058ae6ff106cc403b2f355bfe17521cba95d6ac18c08a23347c9fa64aea6fc
SHA512893bc5ed9bd15685467bbb16313ac1b698e29320f7c5edaaa69e6120c5a2e66e22d3a5d64a6f0676eb9c3490537c0f09371db0879678f7e391fddd244a934a54
-
Filesize
13B
MD5de2c41a51ee9246eb1708f65b511add0
SHA12f442d634c8a18760a232c8829d4b5d74a52f074
SHA256ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab
SHA5127cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a
-
Filesize
25B
MD580be1dd284fc63f6809aedd06a0b15c3
SHA196d3017466e63b79237ebdf3d0887b782be15c3c
SHA2568d9bf0e7c6a17e799750b11aadd067d1ef247babcfe34c00b477a381552f559e
SHA512e4a17a38db8c5d4eacca414847e6433b1c74a1eaa73e68d7fc905e11e5e9c417afbeb72a608a3ce113c36440fe7f5ea0cd891254122f37541476d9bde2fb51b4