General
Target: c36cb91b0c3b1f5e65bfe106611fa260403ffdd0c64365a1abcd582a4d312493
Size: 15.7MB
Sample: 250108-eblrxsvmfp
MD5: bb7115f92db4f8e76247f99477b172be
SHA1: fdf9821d1fa6fb91b265ba66e2b1e2fb239faffc
SHA256: c36cb91b0c3b1f5e65bfe106611fa260403ffdd0c64365a1abcd582a4d312493
SHA512: f8eff6b34d091924ee19f31bfba2356a6c459bfcd44822ceacd76ae244398988bf4e094481f9fb4da9f173d85f667360f55a5ee50e1f86247629f1244ca730bd
SSDEEP: 12288:2AWS09D+XvtcKtTViQ+MxwCwGzx2h6Ll/Qo4e0oBf64BAgNhR6J7YQi1:2ASK/tNhZKnGzRLJQ5oFNt6iQi1
Behavioral tasks
behavioral1
  Sample: c36cb91b0c3b1f5e65bfe106611fa260403ffdd0c64365a1abcd582a4d312493.apk
  Resource: android-x86-arm-20240624-en
behavioral2
  Sample: c36cb91b0c3b1f5e65bfe106611fa260403ffdd0c64365a1abcd582a4d312493.apk
  Resource: android-x64-20240624-en
behavioral3
  Sample: c36cb91b0c3b1f5e65bfe106611fa260403ffdd0c64365a1abcd582a4d312493.apk
  Resource: android-x64-arm64-20240910-en
Malware Config
Extracted
Family: spynote
C2: 156.240.111.98:2251
Targets
Target: c36cb91b0c3b1f5e65bfe106611fa260403ffdd0c64365a1abcd582a4d312493
Signatures
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
MITRE ATT&CK Mobile v15
Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Foreground Persistence (1)
  Scheduled Task/Job (1)
Defense Evasion
  Foreground Persistence (1)
  Hide Artifacts (2)
    Suppress Application Icon (1)
    User Evasion (1)
  Input Injection (1)