General
-
Target
playstoreupdate.apk
-
Size
6.0MB
-
Sample
241219-qrs2qatrdp
-
MD5
0826938525ff0f4f400488819d1e7dc7
-
SHA1
f4f27d86869feba6d71857b9f6eb30e6763f2d89
-
SHA256
7742ce477fb7f78e181e114db46ace712e3a02d417f7ac8a20994f3f2db46c15
-
SHA512
2612805d2d6b1eb821d9735b2aa725f69da844a07e6764e6d9f487d7eabc7fc192237e9e9de2ef9400f68e5d8ad325a03e4b8abacb525d4ae449d3da3ed2c3bd
-
SSDEEP
98304:8cNby5wATPnRa6x5MY/PmzlzBQ0tNTPKduE1ujRzEY0HEIw:L+fRd8/zjNyXudzfr
Static task
static1
Behavioral task
behavioral1
Sample
playstoreupdate.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
playstoreupdate.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
playstoreupdate.apk
Resource
android-x64-arm64-20240910-en
Malware Config
Extracted
spynote
178.255.218.228:8005
Targets
-
-
Target
playstoreupdate.apk
-
Size
6.0MB
-
MD5
0826938525ff0f4f400488819d1e7dc7
-
SHA1
f4f27d86869feba6d71857b9f6eb30e6763f2d89
-
SHA256
7742ce477fb7f78e181e114db46ace712e3a02d417f7ac8a20994f3f2db46c15
-
SHA512
2612805d2d6b1eb821d9735b2aa725f69da844a07e6764e6d9f487d7eabc7fc192237e9e9de2ef9400f68e5d8ad325a03e4b8abacb525d4ae449d3da3ed2c3bd
-
SSDEEP
98304:8cNby5wATPnRa6x5MY/PmzlzBQ0tNTPKduE1ujRzEY0HEIw:L+fRd8/zjNyXudzfr
-
Spynote family
-
Spynote payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Discovery
Software Discovery
1Security Software Discovery
1System Network Connections Discovery
1