General

  • Target

    1d3bf0fb430b02719e7dd9d593c7c9fa.bin

  • Size

    5.2MB

  • MD5

    b86a9b22fff564bcbad7b0743be14c0a

  • SHA1

    245534ad1472f269a3029a3ee10578c8345606ff

  • SHA256

    f99241c9ec325f1ba033e509ed408a61f3eb44a8cbf477beba67011657a82ac6

  • SHA512

    a58bc5b4a7a6285c4daab059a7f84438fcc810a35d5e7b863fcd0ee29f7b65ea00c801d92c3e15ca23ae685f17dd812bf7620b4428d933cbe9bf07e9c4c0a4f0

  • SSDEEP

    98304:yy5ZCdLIm4HlkSirgLwsJZmr0m/yM+G7wG8XBE+OWysnU8um6QUutQo:3S+6SiMdmr0m/yMfMG8XBEvWyqU8oQUc

Score
10/10

Malware Config

Extracted

Family

spynote

C2

200.9.154.61:7554

Signatures

  • Spynote family
  • Spynote payload (1 IoC)
  • Attempts to obfuscate APK file format

    Applies obfuscation techniques to the APK format in order to hinder analysis

  • Declares broadcast receivers with permission to handle system events (1 IoC)
  • Declares services with permission to bind to the system (3 IoCs)
  • Requests dangerous framework permissions (3 IoCs)

Files

  • 1d3bf0fb430b02719e7dd9d593c7c9fa.bin (.zip)

    Password: infected

  • c684dd975ab9900f3ac0e7a5f0a0853f28a700513fa96f69d42a3276a47f061b.apk (.apk, android)

    Password: infected

    com.appd.instll.load

    com.appd.instll.splash

  • childapp.apk (.apk, android)

    Password: infected

    mem.ken.investigate

    mem.ken.grcvihfunlarsuecqkoedapnwiodpdfpgqzhhsnbuphhlwlurl2.cqnfkdjutvxtgwzicagivypbedehostyjoktogcchuuhqfbhqx6SJTMB87