General
-
Target
Encrypted_Signed.apk
-
Size
6.3MB
-
Sample
241227-2cljwa1pcm
-
MD5
2a4a617bafe058a14bf0092a68d17652
-
SHA1
2d2e0d09824cd0ed4bf4b91d54df9103fb0af4b3
-
SHA256
a607e507a7fe7e0dc6d0efae6566422309ac6c2cf34c3ab9582b0cd2bf417be7
-
SHA512
ff7e3c0830477759d66802036251187fa017256120e3818bf969f637b29b20a874a7f9cf9beaffd8440ca2d35144133c1bce47a8778710e82a7578b11c807c10
-
SSDEEP
98304:LhZ66HMzGBbg67nUSP4M4BoHvfz/mz9zBdTb0ttVNwEf/D:L3WiBh6MW4KzNELD3D
Malware Config
Targets
-
-
Target
Encrypted_Signed.apk
-
Size
6.3MB
-
MD5
2a4a617bafe058a14bf0092a68d17652
-
SHA1
2d2e0d09824cd0ed4bf4b91d54df9103fb0af4b3
-
SHA256
a607e507a7fe7e0dc6d0efae6566422309ac6c2cf34c3ab9582b0cd2bf417be7
-
SHA512
ff7e3c0830477759d66802036251187fa017256120e3818bf969f637b29b20a874a7f9cf9beaffd8440ca2d35144133c1bce47a8778710e82a7578b11c807c10
-
SSDEEP
98304:LhZ66HMzGBbg67nUSP4M4BoHvfz/mz9zBdTb0ttVNwEf/D:L3WiBh6MW4KzNELD3D
Score10/10-
Spynote
Spynote is a Remote Access Trojan first seen in 2017.
-
Spynote family
-
Spynote payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-