General
-
Target
Image Logger.apk
-
Size
6.3MB
-
Sample
250328-n95gcsxmx7
-
MD5
823837c2152c1b0418f5b394da9adec7
-
SHA1
9fcff40616bf982cec57a227fe368bfb59ca868a
-
SHA256
e600a3c55b71d262130bcb33e70bca5ed5d867ed2076ad952fdf4f94e1e37c04
-
SHA512
512010775e9dadcac524797194faccd706d5fe3ed4c803b27554f5f8a77943fd55e4f057175d8c355724237970752893e18f1cb2153686cc4fd88fe854165136
-
SSDEEP
98304:wk9GRSv9xebyOPOc9rMmBopvfzymzhzB7ZT60tFe1i5:w3Sv9IbNFVM4u5zxZEu
Malware Config
Targets
-
-
Target
Image Logger.apk
-
Size
6.3MB
-
MD5
823837c2152c1b0418f5b394da9adec7
-
SHA1
9fcff40616bf982cec57a227fe368bfb59ca868a
-
SHA256
e600a3c55b71d262130bcb33e70bca5ed5d867ed2076ad952fdf4f94e1e37c04
-
SHA512
512010775e9dadcac524797194faccd706d5fe3ed4c803b27554f5f8a77943fd55e4f057175d8c355724237970752893e18f1cb2153686cc4fd88fe854165136
-
SSDEEP
98304:wk9GRSv9xebyOPOc9rMmBopvfzymzhzB7ZT60tFe1i5:w3Sv9IbNFVM4u5zxZEu
Score10/10-
Spynote
Spynote is a Remote Access Trojan first seen in 2017.
-
Spynote family
-
Spynote payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-