General
-
Target
rdp app.apk
-
Size
668KB
-
Sample
241127-q5kx9sslhl
-
MD5
42b08a0f6553f50044ba10b989252efc
-
SHA1
5fd0999749439898b4bfcc88b6af52cf885e7090
-
SHA256
1638d48b05daffdb02c6d15fa0e2325d9f00734ff5859ca2c606bb89a9edf621
-
SHA512
7161cfbc772db28581710e7e5466fc7dfae5cf761c70445fb0459d0813627ba41e6ab0045117c355c1985853d6a2914da6363054fb2c2d320174928b191c55e8
-
SSDEEP
12288:P9ky4l5eixfRFqJ4E3h3Xp9fGuzIw2IgXgUvk7vQusT3cgtN0FHmv6Rq21xg7r:2l5rxZFqn3hJ9fGOIPIgBvcvQHT3SFHk
Malware Config
Extracted
spynote
172.31.34.1:7771
Targets
-
-
Target
rdp app.apk
-
Size
668KB
-
MD5
42b08a0f6553f50044ba10b989252efc
-
SHA1
5fd0999749439898b4bfcc88b6af52cf885e7090
-
SHA256
1638d48b05daffdb02c6d15fa0e2325d9f00734ff5859ca2c606bb89a9edf621
-
SHA512
7161cfbc772db28581710e7e5466fc7dfae5cf761c70445fb0459d0813627ba41e6ab0045117c355c1985853d6a2914da6363054fb2c2d320174928b191c55e8
-
SSDEEP
12288:P9ky4l5eixfRFqJ4E3h3Xp9fGuzIw2IgXgUvk7vQusT3cgtN0FHmv6Rq21xg7r:2l5rxZFqn3hJ9fGOIPIgBvcvQHT3SFHk
Score7/10-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Requests enabling of the accessibility settings.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Foreground Persistence
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1