General
-
Target
63bc5d2183c5c110522b4b792b1f1d4591be7649f92943fc6ae2a169d961252b.bin
-
Size
760KB
-
Sample
241218-1wrpkatren
-
MD5
e9a7eca63862524b0536e8c7396b7ec0
-
SHA1
88ac80e75411e6e14926c0d7ecf6c7b30d4eef39
-
SHA256
63bc5d2183c5c110522b4b792b1f1d4591be7649f92943fc6ae2a169d961252b
-
SHA512
644e6c3925edff6f287b14082349fe3ee0f4633c608ebfc799f8f5384879c90c146030e61b29df92d21085a71dc23e5488e235e1db3d8a8fce21e87b21f25455
-
SSDEEP
12288:pHJLBZRvSaqUzyneQ7mbn5WmpYshXZPbGwidNpgD:ppBZR7qUIeqmbn5WmD9idNpU
Malware Config
Extracted
spynote
server-adding.gl.at.ply.gg:1755
Targets
-
-
Target
63bc5d2183c5c110522b4b792b1f1d4591be7649f92943fc6ae2a169d961252b.bin
-
Size
760KB
-
MD5
e9a7eca63862524b0536e8c7396b7ec0
-
SHA1
88ac80e75411e6e14926c0d7ecf6c7b30d4eef39
-
SHA256
63bc5d2183c5c110522b4b792b1f1d4591be7649f92943fc6ae2a169d961252b
-
SHA512
644e6c3925edff6f287b14082349fe3ee0f4633c608ebfc799f8f5384879c90c146030e61b29df92d21085a71dc23e5488e235e1db3d8a8fce21e87b21f25455
-
SSDEEP
12288:pHJLBZRvSaqUzyneQ7mbn5WmpYshXZPbGwidNpgD:ppBZR7qUIeqmbn5WmD9idNpU
Score7/10-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-