General
-
Target
client.apk
-
Size
760KB
-
Sample
250330-m3cbkaxtbz
-
MD5
cf99b9b3f6dcb4b02e317cb3f42ab3d1
-
SHA1
162a0f13e5b80528390dddca4e85424927420a47
-
SHA256
213e24786c7e7440abb88538c12fa08d91d72669a733ea081b57b1ba6b787775
-
SHA512
b6328bc9160cacbf827defddcd2f84d547e5a29d5edf66f1f6cb74e6d45f39253b2cb4ce89df0e20cfcaf0421ab8ac510d79002c04a0691812f19117e5a46bf2
-
SSDEEP
12288:2KRNa1a8Lreg9iIQ85J5WmpYshXZPbGwidNpgRC:2aa1a2egZQ85J5WmD9idNpH
Behavioral task
behavioral1
Sample
client.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
client.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
client.apk
Resource
android-x64-arm64-20240910-en
Malware Config
Extracted
spynote
ngrok-free.app:4040
Targets
-
-
Target
client.apk
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Tries to add a device administrator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution (1)
Broadcast Receivers (1)
Foreground Persistence (1)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Device Administrator Permissions (1)