General

  • Target

    db967abfd710040e812701ddafd05bfc0de07fcdb19641ce424b06f9dabccd09.bin

  • Size

    760KB

  • Sample

    250106-1zlbyszlgx

  • MD5

    a14b6eef72ad42a3db32fa3f8d29bc71

  • SHA1

    8f3cbc4c16a8c1b00678e5c3c51e53c17e3f958e

  • SHA256

    db967abfd710040e812701ddafd05bfc0de07fcdb19641ce424b06f9dabccd09

  • SHA512

    36c14cf2ab4c44bef8fd85fa532801d8eb6ddc469d6e3fb99e8f89347079adede7e6e64cf0b8925904b503f2bf7f52a2b73b5f3bbf4f53f4c5a5b38cd80d30f9

  • SSDEEP

    12288:drOGBMGOBa1a8LdemPUHEQXJd5WmpYshXZPbGwidNpg5m:dqGBua1a6em2EsJd5WmD9idNpP

Malware Config

Extracted

Family

spynote

C2

0.tcp.ngrok.io:14051

Targets

    • Target

      db967abfd710040e812701ddafd05bfc0de07fcdb19641ce424b06f9dabccd09.bin

    • Size

      760KB

    • MD5

      a14b6eef72ad42a3db32fa3f8d29bc71

    • SHA1

      8f3cbc4c16a8c1b00678e5c3c51e53c17e3f958e

    • SHA256

      db967abfd710040e812701ddafd05bfc0de07fcdb19641ce424b06f9dabccd09

    • SHA512

      36c14cf2ab4c44bef8fd85fa532801d8eb6ddc469d6e3fb99e8f89347079adede7e6e64cf0b8925904b503f2bf7f52a2b73b5f3bbf4f53f4c5a5b38cd80d30f9

    • SSDEEP

      12288:drOGBMGOBa1a8LdemPUHEQXJd5WmpYshXZPbGwidNpg5m:dqGBua1a6em2EsJd5WmD9idNpP

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks
