General
-
Target
3ea38ddb94d824c2686c040c28f4e1c1fc6f7e2d0c31b7c7a5bda1af4cda2875.bin
-
Size
760KB
-
Sample
241230-1x66ms1jhl
-
MD5
01aab629d58e699141040c177f25e000
-
SHA1
0b842e4cf1066b017ca31b8f611f9cde7b7c779a
-
SHA256
3ea38ddb94d824c2686c040c28f4e1c1fc6f7e2d0c31b7c7a5bda1af4cda2875
-
SHA512
4e8358be89f2d114f38dd130c221daf8673ec75a91b2e56ec4790887d8881a31d30bc6c6228c1fbf4bcd13df7f26ee7703e82db9389177109e1aef6946d1763c
-
SSDEEP
12288:fB1/yJ6sgRQLzvnbNbycBU5WmpYshXZPbGwidNpgW1g:fBwJ6sjLzvJbycBU5WmD9idNpv1g
Malware Config
Extracted
spynote
ad-forestry.gl.at.ply.gg:51714
Targets
-
-
Target
3ea38ddb94d824c2686c040c28f4e1c1fc6f7e2d0c31b7c7a5bda1af4cda2875.bin
-
Size
760KB
-
MD5
01aab629d58e699141040c177f25e000
-
SHA1
0b842e4cf1066b017ca31b8f611f9cde7b7c779a
-
SHA256
3ea38ddb94d824c2686c040c28f4e1c1fc6f7e2d0c31b7c7a5bda1af4cda2875
-
SHA512
4e8358be89f2d114f38dd130c221daf8673ec75a91b2e56ec4790887d8881a31d30bc6c6228c1fbf4bcd13df7f26ee7703e82db9389177109e1aef6946d1763c
-
SSDEEP
12288:fB1/yJ6sgRQLzvnbNbycBU5WmpYshXZPbGwidNpgW1g:fBwJ6sjLzvJbycBU5WmD9idNpv1g
Score7/10-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-
Tries to add a device administrator.
-