General

  • Target

    ec27e7d70d942d24b94cddc653e3ba83bb348f77a3a60ecadf3a96205535bde6.bin

  • Size

    644KB

  • Sample

    241212-1x5yks1jgl

  • MD5

    42bc5ef28c938c2602447c00b8e5acb0

  • SHA1

    a527cd27403ee7c510b150e7479220688ce31513

  • SHA256

    ec27e7d70d942d24b94cddc653e3ba83bb348f77a3a60ecadf3a96205535bde6

  • SHA512

    4cd3dc671e355d831fbd4dd8aa1c0868d74badad413d6f88b5e45126ad29856d78c2eece5fb941d4fa894d24357dfc7db749b9a5cf30dc59520a43b5a16311c6

  • SSDEEP

    12288:Hl6Pq2MN6Gg/WX6rvseYW/cNUNpQaawt6Rq21lusT3cgtN0FqgqhcSrtWDOwbIEp:EGi3r6W/cNUf0wtGNlHT3SF3q6SgOLKh

Malware Config

Extracted

Family

spynote

C2

rew2266.ddns.net:2266

Targets

    • Target

      ec27e7d70d942d24b94cddc653e3ba83bb348f77a3a60ecadf3a96205535bde6.bin

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Reads the content of the SMS messages.

    • Reads the content of the call log.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15
