spynote | fotos (16)[.]apk

General

Target

fotos (16).apk
Size

7.6MB
MD5

c79f0fe610b6e0366e073de780c8f26f
SHA1

71f5cad0228d194b7ec930e42ae05da7f42dd1cd
SHA256

1fdf6a9520a77ffd1b2dad78d859eca3349c81fb7be3e999604f4492019f179f
SHA512

e939456302eb4abb34e6efd0b2a31469234a458d4b34270639ce2b369c6ff4f16ff3e8ff6d0c2c4683143e83c07ad8c5b660d7763dab20d1175aa349fa41b634
SSDEEP

196608:PQGu8fEeidzmF+HO7QBJXw8rolALyy1E/Ls89U:Tu8seFWO7k7ro6Lyy1Eg+U

Score

10^/10

spynote

Malware Config

Extracted

Family

spynote

C2

5cdnl0q.localto.net:8259

Signatures

Spynote family
spynote
Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 3 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards).	android.permission.BIND_INPUT_METHOD

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES

Files

fotos (16).apk
.apk android

pbr.ddaw.wuicss.ncge

com.appd.instll.splash

Activities

com.appd.instll.splash

android.intent.action.MAIN
android.intent.action.VIEW

Permissions

android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
childapp.apk
.apk android

past.calculators.interior

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.fnutxdjscrwtngsxnajudhtxwzycxmeguglaikzdyixcthoehk31

Activities

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.fnutxdjscrwtngsxnajudhtxwzycxmeguglaikzdyixcthoehk31

android.intent.action.CHOOSER
android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED
com.ui.OnAlarmReceiver.ACTION_WIDGET_RECEIVER
com.android.vending.billing.InAppBillingService.COIN
com.android.vending.billing.InAppBillingService.COIO
com.android.vending.billing.InAppBillingService.LUCM
com.android.vending.billing.InAppBillingService.PROX
ir.cafebazaar.pardakht.InAppBillingService.BIND
ru.aaaaaaax.installer
com.nokia.payment.iapenabler.InAppBillingService.BIND
com.android.vending.billing.InAppBillingService.INST

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.wwatdkbgshwzcbrhtfgwnrqvsmcpeglbdkrmqyrzurquhoitdm14_CA

past.calculators.interior.xyz

Permissions

android.permission.DISABLE_KEYGUARD
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
oppo.permission.OPPO_COMPONENT_SAFE
oplus.permission.OPLUS_COMPONENT_SAFE
com.huawei.permission.external_app_settings.USE_COMPONENT
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
com.android.alarm.permission.SET_ALARM
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.USE_FULL_SCREEN_INTENT

Receivers

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.lkheosurybrhlzmqfvfulvwnggulmgkevkrgsujrmbuxxqmbbw5.SRiuiddhxiaymutxheclonuusivbnezirwfcyldzdbjgreaajuun74B

past.calculators.interior.RestartSensor

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.lkheosurybrhlzmqfvfulvwnggulmgkevkrgsujrmbuxxqmbbw5.iuiddhxiaymutxheclonuusivbnezirwfcyldzdbjgreaajuun7

android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.REBOOT
android.intent.action.LOCKED_BOOT_COMPLETED
miui.intent.action.BOOT_COMPLETEDT

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.lkheosurybrhlzmqfvfulvwnggulmgkevkrgsujrmbuxxqmbbw5.wwatdkbgshwzcbrhtfgwnrqvsmcpeglbdkrmqyrzurquhoitdm14_RC

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED
android.intent.action.MY_PACKAGE_REPLACED

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.lkheosurybrhlzmqfvfulvwnggulmgkevkrgsujrmbuxxqmbbw5.iuiddhxiaymutxheclonuusivbnezirwfcyldzdbjgreaajuun74

android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.USER_PRESENT

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.lkheosurybrhlzmqfvfulvwnggulmgkevkrgsujrmbuxxqmbbw5.dateiuiddhxiaymutxheclonuusivbnezirwfcyldzdbjgreaajuun7rec

android.intent.action.DATE_CHANGED

past.calculators.iuiddhxiaymutxheclonuusivbnezirwfcyldzdbjgreaajuun7_AR

android.app.action.DEVICE_ADMIN_ENABLED

Services

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.kqjhgnkszldzgkjagazrjoxixdmtlzhcebbguwnzwgcqoiilte3.iuiddhxiaymutxheclonuusivbnezirwfcyldzdbjgreaajuun72

android.accessibilityservice.AccessibilityService

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.kqjhgnkszldzgkjagazrjoxixdmtlzhcebbguwnzwgcqoiilte3.Vpniuiddhxiaymutxheclonuusivbnezirwfcyldzdbjgreaajuun71Service

android.net.VpnService

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.kqjhgnkszldzgkjagazrjoxixdmtlzhcebbguwnzwgcqoiilte3.Sdkklqguourfubzhzsauemnhqorulvvuwrysprvkimepflalygw6IME

android.view.InputMethod

Android Permissions

fotos (16).apk

Permissions

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.REQUEST_DELETE_PACKAGES

Sharing

General

Malware Config

Extracted

Signatures

Files

pbr.ddaw.wuicss.ncge

com.appd.instll.splash

Activities

com.appd.instll.splash

Permissions

past.calculators.interior

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.fnutxdjscrwtngsxnajudhtxwzycxmeguglaikzdyixcthoehk31

Activities

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.fnutxdjscrwtngsxnajudhtxwzycxmeguglaikzdyixcthoehk31

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.wwatdkbgshwzcbrhtfgwnrqvsmcpeglbdkrmqyrzurquhoitdm14_CA

Permissions

Receivers

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.lkheosurybrhlzmqfvfulvwnggulmgkevkrgsujrmbuxxqmbbw5.SRiuiddhxiaymutxheclonuusivbnezirwfcyldzdbjgreaajuun74B

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.lkheosurybrhlzmqfvfulvwnggulmgkevkrgsujrmbuxxqmbbw5.iuiddhxiaymutxheclonuusivbnezirwfcyldzdbjgreaajuun7

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.lkheosurybrhlzmqfvfulvwnggulmgkevkrgsujrmbuxxqmbbw5.wwatdkbgshwzcbrhtfgwnrqvsmcpeglbdkrmqyrzurquhoitdm14_RC

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.lkheosurybrhlzmqfvfulvwnggulmgkevkrgsujrmbuxxqmbbw5.iuiddhxiaymutxheclonuusivbnezirwfcyldzdbjgreaajuun74

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.lkheosurybrhlzmqfvfulvwnggulmgkevkrgsujrmbuxxqmbbw5.dateiuiddhxiaymutxheclonuusivbnezirwfcyldzdbjgreaajuun7rec

past.calculators.iuiddhxiaymutxheclonuusivbnezirwfcyldzdbjgreaajuun7_AR

Services

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.kqjhgnkszldzgkjagazrjoxixdmtlzhcebbguwnzwgcqoiilte3.iuiddhxiaymutxheclonuusivbnezirwfcyldzdbjgreaajuun72

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.kqjhgnkszldzgkjagazrjoxixdmtlzhcebbguwnzwgcqoiilte3.Vpniuiddhxiaymutxheclonuusivbnezirwfcyldzdbjgreaajuun71Service

past.calculators.rugriwhjrryrdltvrszwnhmrxiibxtbgmsianvpeoridrzstdy2.kqjhgnkszldzgkjagazrjoxixdmtlzhcebbguwnzwgcqoiilte3.Sdkklqguourfubzhzsauemnhqorulvvuwrysprvkimepflalygw6IME

Android Permissions

fotos (16).apk