spynote | 3150d8e77fc02fb0ea5ef00e8d0d0ddb20418065bfe7f68cc69bd291c4e6524b | Triage

Submit
Reports

Overview

overview

Static

static

MobiSpy/MobiSpy.exe

windows7-x64

3

MobiSpy/MobiSpy.exe

windows10-2004-x64

7

MobiSpy/Mo...py.exe

windows7-x64

3

MobiSpy/Mo...py.exe

windows10-2004-x64

3

Sharing

General

Target

MobiSpy.zip
Size

199.2MB
Sample

241218-t9wgcawnfq
MD5

2ee116d143978bd227cefc9925a6089d
SHA1

428a3cfa885fd335e2de4cb7b35949f7ddebbef9
SHA256

3150d8e77fc02fb0ea5ef00e8d0d0ddb20418065bfe7f68cc69bd291c4e6524b
SHA512

a30e9a3a6c23c1e4fcb29cdcaa225a614d33727e67d5d9b7d5c66a34420e035cff5d1d00f395baf98e286dd0999cf8eba998582d9b0f6dd27191ebd5b6f9ed43
SSDEEP

6291456:Llp0/Y/BgGk047vXqEQ627S/Y/BgoVKggb4lEQ62V:U/qBgGkJjh/qBgoVvtn

Score

10^/10

spynote discovery

Static task

static1

6 signatures

Behavioral task

behavioral1

Sample

MobiSpy/MobiSpy.exe

Resource

win7-20240729-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

MobiSpy/MobiSpy.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

MobiSpy/MobiSpy/MobiSpy.exe

Resource

win7-20240903-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

MobiSpy/MobiSpy/MobiSpy.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

spynote

C2

[MOBISPY_HOST_OK]:[MOBISPY_PORT_OK]

Targets

- Target
  
  MobiSpy/MobiSpy.exe
- Size
  
  2.4MB
- MD5
  
  3f704039b9def5dd780c14d255a66ef1
- SHA1
  
  4b52370fd0a68d69bdd17bb5e360da18a7d6231c
- SHA256
  
  63ab702c2e28f563bbcd7a9970edf416cd92922202f0d45a072344c060c213b8
- SHA512
  
  a90013adb834a921bb73d16653950d416df1413af654f36a3de4eb7247b591d3363b00fa60c45dfabb4e702d10eb862b285546d4f2d6d97dbd53146546a399b9
- SSDEEP
  
  24576:0RJtnKnnKhuI1jF/5DaBRhsOhwbQ4AR9O08k8sVW40Py//5exDjjw1en1E:QtnKnnKhr1jd5GBIz72Lr//5exDjsy
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  MobiSpy/MobiSpy/MobiSpy.exe
- Size
  
  2.4MB
- MD5
  
  3f704039b9def5dd780c14d255a66ef1
- SHA1
  
  4b52370fd0a68d69bdd17bb5e360da18a7d6231c
- SHA256
  
  63ab702c2e28f563bbcd7a9970edf416cd92922202f0d45a072344c060c213b8
- SHA512
  
  a90013adb834a921bb73d16653950d416df1413af654f36a3de4eb7247b591d3363b00fa60c45dfabb4e702d10eb862b285546d4f2d6d97dbd53146546a399b9
- SSDEEP
  
  24576:0RJtnKnnKhuI1jF/5DaBRhsOhwbQ4AR9O08k8sVW40Py//5exDjjw1en1E:QtnKnnKhr1jd5GBIz72Lr//5exDjsy
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

© 2018-2024

Terms | Privacy