General

  • Target

    d9092bf5bfa631044fd1392fdf988ac5e5dffa2384202d6e7f6e6760fc5dde0b.apk

  • Size

    4.2MB

  • Sample

    241124-daw1tswphk

  • MD5

    d3c9ff78acd0d1852fa2431aa735b4bb

  • SHA1

    1630b2dbbdc42c6c9bdf18ab8a062c946cd4b762

  • SHA256

    d9092bf5bfa631044fd1392fdf988ac5e5dffa2384202d6e7f6e6760fc5dde0b

  • SHA512

    419a529305403ea80fafa344db6b48dc02423dcf2c08d1d8b62e699f69e7dc635c8b8770ca4af1277db39e81bc40e0b4cf00aa22b53b4fc9a0d58cb45658e8ca

  • SSDEEP

    98304:yKukrQKBHMmuLd2QLuBnGOSyMwBqIGRoorkGT:tQKBHMmuLd2QegRoorh

Malware Config

Targets

    • Target

      d9092bf5bfa631044fd1392fdf988ac5e5dffa2384202d6e7f6e6760fc5dde0b.apk

    • Size

      4.2MB

    • MD5

      d3c9ff78acd0d1852fa2431aa735b4bb

    • SHA1

      1630b2dbbdc42c6c9bdf18ab8a062c946cd4b762

    • SHA256

      d9092bf5bfa631044fd1392fdf988ac5e5dffa2384202d6e7f6e6760fc5dde0b

    • SHA512

      419a529305403ea80fafa344db6b48dc02423dcf2c08d1d8b62e699f69e7dc635c8b8770ca4af1277db39e81bc40e0b4cf00aa22b53b4fc9a0d58cb45658e8ca

    • SSDEEP

      98304:yKukrQKBHMmuLd2QLuBnGOSyMwBqIGRoorkGT:tQKBHMmuLd2QegRoorh

    • Spynote

      Spynote is a Remote Access Trojan first seen in 2017.

    • Spynote family

    • Spynote payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Acquires the wake lock

    • Legitimate hosting services abused for malware hosting/C2

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks