General
-
Target
758cbf74036ee718530f699f327b9c9eb833f6f2ca495749ed7614644d98ac7e.apk
-
Size
684KB
-
Sample
241123-czwwpasjhj
-
MD5
874a2d006e3df683e3d84a0b6ffa7427
-
SHA1
28f90d85bea9dcec6c246d2e1e0d81d20d84bdfd
-
SHA256
758cbf74036ee718530f699f327b9c9eb833f6f2ca495749ed7614644d98ac7e
-
SHA512
1f59fd316c5405dd18e8ac07319440fb14e02396759339b411cf01b0b7f6d35fca1c326a4f4a2bae322fd3ef3003bdebdd11b89de2537af6bae3e3a70a4a20d0
-
SSDEEP
12288:DphYy/p6FOjENqxpXPcRZY90ipEKbM/qd6IusT3cgtN0Fvm16Rq212gXH:NhYKkYdpEomqd6IHT3SFvm1GNjXH
Malware Config
Extracted
spynote
qqqk-23745.portmap.host:23745
Targets
-
-
Target
758cbf74036ee718530f699f327b9c9eb833f6f2ca495749ed7614644d98ac7e.apk
-
Size
684KB
-
MD5
874a2d006e3df683e3d84a0b6ffa7427
-
SHA1
28f90d85bea9dcec6c246d2e1e0d81d20d84bdfd
-
SHA256
758cbf74036ee718530f699f327b9c9eb833f6f2ca495749ed7614644d98ac7e
-
SHA512
1f59fd316c5405dd18e8ac07319440fb14e02396759339b411cf01b0b7f6d35fca1c326a4f4a2bae322fd3ef3003bdebdd11b89de2537af6bae3e3a70a4a20d0
-
SSDEEP
12288:DphYy/p6FOjENqxpXPcRZY90ipEKbM/qd6IusT3cgtN0Fvm16Rq212gXH:NhYKkYdpEomqd6IHT3SFvm1GNjXH
Score8/10-
Removes its main activity from the application launcher
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Requests enabling of the accessibility settings.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1