General
-
Target
a1d1ef4aa6192febb467e048fa0968fe06e872ca98ea1951058db5794d3e6021.bin
-
Size
4.6MB
-
Sample
250216-1wqr9szqgz
-
MD5
7e2b70988e9e401fe7f93f6ca39db6fd
-
SHA1
896f153f468eee269db32236a4971512a736121b
-
SHA256
a1d1ef4aa6192febb467e048fa0968fe06e872ca98ea1951058db5794d3e6021
-
SHA512
4585d4abdeaa787fd124abc5410abe28d486237e80f2998b8f62a9452c6dda8e8d6415248b223ac76d9d9fb6c36ebb9313bc2ec5413d0f0079523e42d4743a67
-
SSDEEP
98304:uoUBWR6SQ8G16vWX0PQkgTLwUf2fraXM5r4LISJJ5ytkmnEGBF:ujSQ313kg3wUfml5riIcytkmNn
Malware Config
Targets
-
-
Target
a1d1ef4aa6192febb467e048fa0968fe06e872ca98ea1951058db5794d3e6021.bin
-
Size
4.6MB
-
MD5
7e2b70988e9e401fe7f93f6ca39db6fd
-
SHA1
896f153f468eee269db32236a4971512a736121b
-
SHA256
a1d1ef4aa6192febb467e048fa0968fe06e872ca98ea1951058db5794d3e6021
-
SHA512
4585d4abdeaa787fd124abc5410abe28d486237e80f2998b8f62a9452c6dda8e8d6415248b223ac76d9d9fb6c36ebb9313bc2ec5413d0f0079523e42d4743a67
-
SSDEEP
98304:uoUBWR6SQ8G16vWX0PQkgTLwUf2fraXM5r4LISJJ5ytkmnEGBF:ujSQ313kg3wUfml5riIcytkmNn
Score10/10-
Spynote
Spynote is a Remote Access Trojan first seen in 2017.
-
Spynote family
-
Spynote payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1