General
-
Target
fotos (16).apk
-
Size
7.6MB
-
Sample
250206-z9qtraxmbv
-
MD5
c79f0fe610b6e0366e073de780c8f26f
-
SHA1
71f5cad0228d194b7ec930e42ae05da7f42dd1cd
-
SHA256
1fdf6a9520a77ffd1b2dad78d859eca3349c81fb7be3e999604f4492019f179f
-
SHA512
e939456302eb4abb34e6efd0b2a31469234a458d4b34270639ce2b369c6ff4f16ff3e8ff6d0c2c4683143e83c07ad8c5b660d7763dab20d1175aa349fa41b634
-
SSDEEP
196608:PQGu8fEeidzmF+HO7QBJXw8rolALyy1E/Ls89U:Tu8seFWO7k7ro6Lyy1Eg+U
Malware Config
Extracted
spynote
5cdnl0q.localto.net:8259
Targets
-
-
Target
fotos (16).apk
-
Size
7.6MB
-
MD5
c79f0fe610b6e0366e073de780c8f26f
-
SHA1
71f5cad0228d194b7ec930e42ae05da7f42dd1cd
-
SHA256
1fdf6a9520a77ffd1b2dad78d859eca3349c81fb7be3e999604f4492019f179f
-
SHA512
e939456302eb4abb34e6efd0b2a31469234a458d4b34270639ce2b369c6ff4f16ff3e8ff6d0c2c4683143e83c07ad8c5b660d7763dab20d1175aa349fa41b634
-
SSDEEP
196608:PQGu8fEeidzmF+HO7QBJXw8rolALyy1E/Ls89U:Tu8seFWO7k7ro6Lyy1Eg+U
Score1/10 -
-
-
Target
childapp.apk
-
Size
13.4MB
-
MD5
4710daa3cd8fa7b671216a576aa12c0d
-
SHA1
ac976a2fff89ba8ec2571fd3a3db3be137235d00
-
SHA256
ed328236d8d8316f66a3e9303c2dd76dec983dd05a5e97f6af75220c6088211e
-
SHA512
369b7fccdd161fbc96b686bdf9c4eaeabfc0666725f06879ca58e893d5415f69372f71b95fe1c5149452293d2b5ff7d4cc49260bb0dd15365eb760072692dff7
-
SSDEEP
49152:AMg5EgnUfqs++5zt2brB1+23ejomM6G4Yq7zzdGGUQTOZ0cg2HMPmzSQfpUQFEcl:Ap+IUD++5sbrBe/zzBjTQ0towmzSKd5j
Score8/10-
Removes its main activity from the application launcher
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Scheduled Task/Job
1Defense Evasion
Hide Artifacts
2Suppress Application Icon
1User Evasion
1Input Injection
1