Resubmissions

23-11-2024 01:20

241123-bp9jcstqfz 10

23-11-2024 01:15

241123-bl91qatphz 6

Analysis

  • max time kernel
    149s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    23-11-2024 01:20

General

  • Target

    голые фото.apk

  • Size

    4.2MB

  • MD5

    d3c9ff78acd0d1852fa2431aa735b4bb

  • SHA1

    1630b2dbbdc42c6c9bdf18ab8a062c946cd4b762

  • SHA256

    d9092bf5bfa631044fd1392fdf988ac5e5dffa2384202d6e7f6e6760fc5dde0b

  • SHA512

    419a529305403ea80fafa344db6b48dc02423dcf2c08d1d8b62e699f69e7dc635c8b8770ca4af1277db39e81bc40e0b4cf00aa22b53b4fc9a0d58cb45658e8ca

  • SSDEEP

    98304:yKukrQKBHMmuLd2QLuBnGOSyMwBqIGRoorkGT:tQKBHMmuLd2QegRoorh

Malware Config

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

  • Spynote family
  • Spynote payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • cet.syndrome.springfield
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Schedules tasks to execute at a specified time
    PID:4445

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/cet.syndrome.springfield/app_mph_dex/apk.crazy-v1.AndroidManifest.xml

    Filesize

    5.1MB

    MD5

    23e84a23dbe7b2cef8604967af63544e

    SHA1

    06d9fd8f5e00541bee5ebb54f7c077cb85bd5ce3

    SHA256

    c717af7452d721a9aae9c524123d0dd6b3f868b6cc728b1e8dfeea0e16f67393

    SHA512

    8e1edaa52757a978fad0b70a5f557b3d960dcd2cfbc054e6706a275350aefd1159c9d5845fb12c87f5d5a7697d4c0a84379cad6513a5be80e314a69c7f37d490

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-23.txt

    Filesize

    33B

    MD5

    021f287551cfa5a3000feb5752856a0e

    SHA1

    0c6f8daee3ab8649f329eea922561f2c0a48dc2b

    SHA256

    16058ae6ff106cc403b2f355bfe17521cba95d6ac18c08a23347c9fa64aea6fc

    SHA512

    893bc5ed9bd15685467bbb16313ac1b698e29320f7c5edaaa69e6120c5a2e66e22d3a5d64a6f0676eb9c3490537c0f09371db0879678f7e391fddd244a934a54

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-23.txt

    Filesize

    13B

    MD5

    de2c41a51ee9246eb1708f65b511add0

    SHA1

    2f442d634c8a18760a232c8829d4b5d74a52f074

    SHA256

    ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

    SHA512

    7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-23.txt

    Filesize

    25B

    MD5

    80be1dd284fc63f6809aedd06a0b15c3

    SHA1

    96d3017466e63b79237ebdf3d0887b782be15c3c

    SHA256

    8d9bf0e7c6a17e799750b11aadd067d1ef247babcfe34c00b477a381552f559e

    SHA512

    e4a17a38db8c5d4eacca414847e6433b1c74a1eaa73e68d7fc905e11e5e9c417afbeb72a608a3ce113c36440fe7f5ea0cd891254122f37541476d9bde2fb51b4