General

  • Target

    ready.apk

  • Size

    36KB

  • Sample

    241213-td9n4atkgz

  • MD5

    1c6ea5cde4f7576b1c9248c850ee27b9

  • SHA1

    24e9f25c3a3e9110c46e26326f61f2b8c7272047

  • SHA256

    286e323248af7f3abeba64455d4958fcb16264e666e023c7b066ce331a12145f

  • SHA512

    da9eaac379199d136cd70c157a51b65716d877f70c443c96597a117791d6337791b5be83046382baa30e30a265f3f618c0be0c56af3421090665871d0cfc3397

  • SSDEEP

    768:nFUanFU/bZzZCwOfDCh8gmNBXmxV7vN6uVGQF38NNpPV1slcP2BJ:+NF91O28VNNw7EuEQW/Xs9J

Malware Config

Extracted

Family

spymax

C2

analysis-warming.gl.at.ply.gg:28326

Targets

    • Target

      ready.apk

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file that was dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone's network operator
