General
-
Target
f797422b592a371711d11e86f7d23b150bb7233399191eb3337376c2a2e7ea18.bin
-
Size
784KB
-
Sample
250121-15gwqatrar
-
MD5
d6e10b0d690c76847cc9662b6d4a52c4
-
SHA1
332859c69805129b62f42b33a6ced40d5887dc16
-
SHA256
f797422b592a371711d11e86f7d23b150bb7233399191eb3337376c2a2e7ea18
-
SHA512
e191009d09be52a1cdfa8428d64579f788973d83d321f88c3db63f36fd64b7d26fd646ef1ead1eeea1a7e51760b6bbaa90cb976cbad4a071ed77669c1f0ad292
-
SSDEEP
12288:6V1a1a8LzeJYU8AgVpsC5WmpYshXZPbGwidNpgtuA:m1a1ameJYBASpF5WmD9idNpah
Malware Config
Extracted
spynote
DobriyKaban-42278.portmap.host:42278
Targets
-
-
Target
f797422b592a371711d11e86f7d23b150bb7233399191eb3337376c2a2e7ea18.bin
-
Size
784KB
-
MD5
d6e10b0d690c76847cc9662b6d4a52c4
-
SHA1
332859c69805129b62f42b33a6ced40d5887dc16
-
SHA256
f797422b592a371711d11e86f7d23b150bb7233399191eb3337376c2a2e7ea18
-
SHA512
e191009d09be52a1cdfa8428d64579f788973d83d321f88c3db63f36fd64b7d26fd646ef1ead1eeea1a7e51760b6bbaa90cb976cbad4a071ed77669c1f0ad292
-
SSDEEP
12288:6V1a1a8LzeJYU8AgVpsC5WmpYshXZPbGwidNpgtuA:m1a1ameJYBASpF5WmD9idNpah
Score7/10-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-