General
-
Target
голые фото.apk
-
Size
4.2MB
-
Sample
241123-bthw7szqbl
-
MD5
d3c9ff78acd0d1852fa2431aa735b4bb
-
SHA1
1630b2dbbdc42c6c9bdf18ab8a062c946cd4b762
-
SHA256
d9092bf5bfa631044fd1392fdf988ac5e5dffa2384202d6e7f6e6760fc5dde0b
-
SHA512
419a529305403ea80fafa344db6b48dc02423dcf2c08d1d8b62e699f69e7dc635c8b8770ca4af1277db39e81bc40e0b4cf00aa22b53b4fc9a0d58cb45658e8ca
-
SSDEEP
98304:yKukrQKBHMmuLd2QLuBnGOSyMwBqIGRoorkGT:tQKBHMmuLd2QegRoorh
Malware Config
Targets
-
-
Target
голые фото.apk
-
Size
4.2MB
-
MD5
d3c9ff78acd0d1852fa2431aa735b4bb
-
SHA1
1630b2dbbdc42c6c9bdf18ab8a062c946cd4b762
-
SHA256
d9092bf5bfa631044fd1392fdf988ac5e5dffa2384202d6e7f6e6760fc5dde0b
-
SHA512
419a529305403ea80fafa344db6b48dc02423dcf2c08d1d8b62e699f69e7dc635c8b8770ca4af1277db39e81bc40e0b4cf00aa22b53b4fc9a0d58cb45658e8ca
-
SSDEEP
98304:yKukrQKBHMmuLd2QLuBnGOSyMwBqIGRoorkGT:tQKBHMmuLd2QegRoorh
Score10/10-
Spynote
Spynote is a Remote Access Trojan first seen in 2017.
-
Spynote family
-
Spynote payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Legitimate hosting services abused for malware hosting/C2
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Enterprise v15
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1