General

  • Target

    1fdf6a9520a77ffd1b2dad78d859eca3349c81fb7be3e999604f4492019f179f.apk

  • Size

    7.6MB

  • Sample

    250207-ez17hszpbm

  • MD5

    c79f0fe610b6e0366e073de780c8f26f

  • SHA1

    71f5cad0228d194b7ec930e42ae05da7f42dd1cd

  • SHA256

    1fdf6a9520a77ffd1b2dad78d859eca3349c81fb7be3e999604f4492019f179f

  • SHA512

    e939456302eb4abb34e6efd0b2a31469234a458d4b34270639ce2b369c6ff4f16ff3e8ff6d0c2c4683143e83c07ad8c5b660d7763dab20d1175aa349fa41b634

  • SSDEEP

    196608:PQGu8fEeidzmF+HO7QBJXw8rolALyy1E/Ls89U:Tu8seFWO7k7ro6Lyy1Eg+U

Malware Config

Extracted

  • Family

    spynote

  • C2

    5cdnl0q.localto.net:8259

Targets

    • Target

      1fdf6a9520a77ffd1b2dad78d859eca3349c81fb7be3e999604f4492019f179f.apk

    • Size

      7.6MB

    • MD5

      c79f0fe610b6e0366e073de780c8f26f

    • SHA1

      71f5cad0228d194b7ec930e42ae05da7f42dd1cd

    • SHA256

      1fdf6a9520a77ffd1b2dad78d859eca3349c81fb7be3e999604f4492019f179f

    • SHA512

      e939456302eb4abb34e6efd0b2a31469234a458d4b34270639ce2b369c6ff4f16ff3e8ff6d0c2c4683143e83c07ad8c5b660d7763dab20d1175aa349fa41b634

    • SSDEEP

      196608:PQGu8fEeidzmF+HO7QBJXw8rolALyy1E/Ls89U:Tu8seFWO7k7ro6Lyy1Eg+U

    • Score

      1/10

    • Target

      childapp.apk

    • Size

      13.4MB

    • MD5

      4710daa3cd8fa7b671216a576aa12c0d

    • SHA1

      ac976a2fff89ba8ec2571fd3a3db3be137235d00

    • SHA256

      ed328236d8d8316f66a3e9303c2dd76dec983dd05a5e97f6af75220c6088211e

    • SHA512

      369b7fccdd161fbc96b686bdf9c4eaeabfc0666725f06879ca58e893d5415f69372f71b95fe1c5149452293d2b5ff7d4cc49260bb0dd15365eb760072692dff7

    • SSDEEP

      49152:AMg5EgnUfqs++5zt2brB1+23ejomM6G4Yq7zzdGGUQTOZ0cg2HMPmzSQfpUQFEcl:Ap+IUD++5sbrBe/zzBjTQ0towmzSKd5j

    • Removes its main activity from the application launcher

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Acquires the wake lock

    • Performs UI accessibility actions on behalf of the user

      Applications may abuse the accessibility service to prevent their own removal.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
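The behaviours listed for childapp.apk (accessibility service abuse, wake lock, battery-optimization exemption, launcher icon removal) and the fact that it arrives as a second APK inside the 7.6MB parent are the kind of thing a triage script can check on any sample before detonation. The Python below is an added example, not code from this report or from the sandbox that produced it. It assumes two things: that the parent APK is an ordinary zip whose embedded payload sits in an entry such as assets/childapp.apk (the entry name and the dropper bytes here are constructed), and that the manifest being scanned has already been decoded from Android binary XML to plain XML (as apktool does); the sample manifest and its package name com.example.dropped are constructed for illustration. Note that hiding the launcher icon is a runtime action (the report phrases it as "removes its main activity"), so the manifest can only tell you whether a LAUNCHER activity exists at all, not whether it will stay visible.

```python
import hashlib
import io
import zipfile
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Manifest-level indicators corresponding to the behaviours in the report.
# The mapping is the author of this example's assumption, not the sandbox's rule set.
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
IGNORE_BATTERY = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
WAKE_LOCK = "android.permission.WAKE_LOCK"
LAUNCHER_CAT = "android.intent.category.LAUNCHER"


def scan_manifest(manifest_xml: str) -> dict:
    """Scan a decoded (plain-XML) AndroidManifest.xml for the report's indicators."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}

    # An accessibility service is a <service> protected by BIND_ACCESSIBILITY_SERVICE.
    a11y = any(s.get(ANDROID_NS + "permission") == BIND_A11Y for s in root.iter("service"))

    # Whether any activity is exposed in the launcher; the sample hides it at runtime,
    # so this only tells you an icon exists to hide, not that it will remain visible.
    launcher = any(
        c.get(ANDROID_NS + "name") == LAUNCHER_CAT
        for act in root.iter("activity")
        for c in act.iter("category")
    )
    return {
        "accessibility_service": a11y,
        "ignore_battery_optimizations": IGNORE_BATTERY in perms,
        "wake_lock": WAKE_LOCK in perms,
        "has_launcher_activity": launcher,
    }


def find_embedded_apks(apk_bytes: bytes) -> list:
    """Return every zip entry that is itself an APK (a zip carrying AndroidManifest.xml)."""
    found = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as outer:
        for name in outer.namelist():
            data = outer.read(name)
            if not data.startswith(b"PK\x03\x04"):   # local-file-header magic of a non-empty zip
                continue
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as inner:
                    if "AndroidManifest.xml" not in inner.namelist():
                        continue
            except zipfile.BadZipFile:
                continue
            found.append({"path": name, "size": len(data),
                          "sha256": hashlib.sha256(data).hexdigest()})
    return found


# Constructed sample manifest in the decoded form apktool emits (not the real sample's manifest).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.dropped">
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Update">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""


def build_sample_dropper() -> bytes:
    """Build a constructed dropper: a zip with a nested APK-shaped zip under assets/."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<binary-xml placeholder>")  # constructed
        z.writestr("classes.dex", b"dex\n035\x00")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_STORED) as z:
        z.writestr("classes.dex", b"dex\n035\x00")
        z.writestr("assets/config.bin", b"\x00\x01\x02")          # decoy non-zip asset
        z.writestr("assets/childapp.apk", inner.getvalue())        # the embedded payload
    return outer.getvalue()


SAMPLE_DROPPER = build_sample_dropper()

if __name__ == "__main__":
    for hit in find_embedded_apks(SAMPLE_DROPPER):
        print("embedded APK:", hit)
    for k, v in scan_manifest(SAMPLE_MANIFEST).items():
        print(f"{k:30s} {v}")
```

In practice the second stage is the one to run through a sandbox and hash against the report: the parent can look benign (hence its 1/10 score), while the dropped childapp.apk carries the accessibility service and persistence requests.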
