General
Target: ready.apk
Size: 6.2MB
Sample: 241225-ydw58avmfm
MD5: 38bf20afd266f35fdc67b0c998c3b5aa
SHA1: 35588816385a3e47cb06776276a96f067a947472
SHA256: 872952cbe5c8cff6984ddc8e37d116897b24648c87d999316a93e517a536be39
SHA512: d0e4ef028743fb5e2f33f48e7e0935bb700f30d9ed2f9d06ef1e2077e941fc938be59306b911b6d705304aff323b61100ea55de9e0d1b205592df34d0ea36c5a
SSDEEP: 24576:VT3EfQRZ+SGs1El7/Y8Ey/HhQLclGqL22pUY:VjEfXllEy/HhQmt3
Behavioral task: behavioral1
Sample: ready.apk
Resource: android-33-x64-arm64-20240624-en
Malware Config
Extracted
spynote
150.241.86.186:9999
Targets
Target
ready.apk
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-