General

  • Target

    21490202897.zip

  • Size

    7.9MB

  • Sample

    250224-mx2z2ayks7

  • MD5

    a5313a36d048433e060931e658b1b14f

  • SHA1

    adda526f1f0ae1de3ab7468aaaaad985d1839671

  • SHA256

    b41bd4ba86b32be0daf82f989da3f04b1b307160ab4f78651480256c02f5af11

  • SHA512

    d8f8fbafa0aaddd7194706fc210d9bb56c761f11164296e45e75296ea23e79212c73043c0dbbdfa8fdf341d8da2d5ddde798b6e700e481708d93764854a14ea9

  • SSDEEP

    196608:LwYs/Y/b8ZO59ZiCY6K96payQFgO6EVayzAPMMQBJDPV7TWRqg:UYs/YKO5qCe9u8GO6EXAPMMCP5WB

Targets

    • Target

      6fe32d6aeac5f1f747f484f8de4348f314fd086d7a72d4157de37ebb33ddb98a

    • Size

      8.1MB

    • MD5

      2ec24e9818f259fba9b495be9c171386

    • SHA1

      f62feaaf7dc576b275d44e304d8854acaf3ebec8

    • SHA256

      6fe32d6aeac5f1f747f484f8de4348f314fd086d7a72d4157de37ebb33ddb98a

    • SHA512

      fd30916870f5b96bff3b1372a5123f2bb344b34b1a0892ffd34479d06061ab8b2852af8bac07cb1d092475c79f0db828e0d186a7be9bc38069ada9159ad5cbdd

    • SSDEEP

      196608:If5rmOYfXvDC4ollgFg1vGqcvm+QMWhrItk8nCcv8R8/RoYxvfjzV:qdZY3DC4uiFg1vGqcvIMVtkovHZXZ

    • Spyagent

      SpyAgent, first seen in 2024, is an Android malware that targets crypto credentials using OCR.

    • Spyagent family

    • Spyagent payload

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests dangerous framework permissions

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
