General
-
Target
8bb4085f30e800880dda6ba6f9749e3e9da9075a9defb665dca87324cc378c45.bin
-
Size
996KB
-
Sample
241218-1zy8tatmdt
-
MD5
ac0b1f475d00c7d72780d1512bd435da
-
SHA1
63e0952fd9fad4b877ceace56e53143f00530488
-
SHA256
8bb4085f30e800880dda6ba6f9749e3e9da9075a9defb665dca87324cc378c45
-
SHA512
579fc3127a114a4ea42d32cf488909e5cceb35fcb15ae4c7c2cc09892525d7680061cfa1f9de3eaa640bda9b16956def385374f589940f98fbc887c4856ad22f
-
SSDEEP
24576:Lks8FwpIYA3xHx9K0sCIjMko/4qLUWHUiAh6fHN:LkFwprAhH3K0sCIjMk7qpfAh6fHN
Malware Config
Extracted
spynote
0.tep.eu.ngrok. io:15850
Targets
-
-
Target
8bb4085f30e800880dda6ba6f9749e3e9da9075a9defb665dca87324cc378c45.bin
-
Size
996KB
-
MD5
ac0b1f475d00c7d72780d1512bd435da
-
SHA1
63e0952fd9fad4b877ceace56e53143f00530488
-
SHA256
8bb4085f30e800880dda6ba6f9749e3e9da9075a9defb665dca87324cc378c45
-
SHA512
579fc3127a114a4ea42d32cf488909e5cceb35fcb15ae4c7c2cc09892525d7680061cfa1f9de3eaa640bda9b16956def385374f589940f98fbc887c4856ad22f
-
SSDEEP
24576:Lks8FwpIYA3xHx9K0sCIjMko/4qLUWHUiAh6fHN:LkFwprAhH3K0sCIjMk7qpfAh6fHN
Score7/10-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-
Tries to add a device administrator.
-