General
Target: fotos (52).apk
Size: 21.9MB
Sample: 250206-2gaceayrez
MD5: d5742f43c32800c5f02480a30119270f
SHA1: eab77e8594acc91ee6c2af1447bf8423f68d79f0
SHA256: 5d5cb8d546b0ae37a7982aed181f34d4630c966aaf3eb2318c612267e419dc98
SHA512: 5d41afd716370c1586bee316e750f85d7a36228d25f0eb22d67d7be7d572de81abe04bd37b8c16a09560b0e47abf169a52ce844cc1f81a57d26349fb4752e41e
SSDEEP: 98304:rKTsb+FPxCGnFOXVOkvBLVjmzHzBwTZ0tMMyD2vEn+ohhSc3C9v0EJQSQcE5Z86v:VGFOl/KzW2HdvEV0RvLQSQT5ZHwk
Behavioral task: behavioral1
Sample: fotos (52).apk
Resource: android-33-x64-arm64-20240624-en
Behavioral task: behavioral2
Sample: childapp.apk
Resource: android-33-x64-arm64-20240624-en
Malware Config
Extracted
spynote
br2.localto.net:1105
Targets
Target: fotos (52).apk
Size: 21.9MB
Score: 1/10
Target: childapp.apk
Size: 18.3MB
MD5: c1eba49d0e1ed645581cdd937b3ac971
SHA1: dc2bfd830824f26eef40a25af2a83e86a2932086
SHA256: 433a799f1e44a22a638ba301f0bb64fdcecb1cf052a9295fb1261680273a1d19
SHA512: 62ea1705f54ff0831f8c0c6d41b470ce1476e4010ba85ce5c47370410c9e7a48cf54e741b612b1e1471013a1d750420e5aa2ca45d015acf8a9706f45332885d0
SSDEEP: 98304:KKTsb+FPxCGnFOXVOkvBLVjmzHzBwTZ0tMH:SGFOl/KzW2G

Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.

Acquires the wake lock

Performs UI accessibility actions on behalf of the user
The application may abuse the accessibility service to prevent its removal.

Requests disabling of battery optimizations (often used to enable hiding in the background).