General
-
Target
client.apk
-
Size
760KB
-
Sample
250330-m622dsxtgw
-
MD5
d5989d6df6e37d467004a5b6c40b6428
-
SHA1
0cf14062cad25aba8a12a3747148716a4118fdd5
-
SHA256
475f250a6228f34e779aadaa13a4751f2eff98d004208148dacf0bae2f7adfbb
-
SHA512
46ceba27de54b47994c9637ad19d6bc0875e878b82c36df037a17ecc64d13ecfa1ae17992e2c3000103fa6770d65c1d5d590466b776d12c42a1a223b7b0e9e22
-
SSDEEP
12288:dtOv6Ov5a1a8LreD4Hahkyh5WmpYshXZPbGwidNpgrS:dgima1a2eDxhkyh5WmD9idNp9
Malware Config
Extracted
spynote
4.tcp.eu.ngrok.io:13556
Targets
-
-
Target
client.apk
-
Size
760KB
-
MD5
d5989d6df6e37d467004a5b6c40b6428
-
SHA1
0cf14062cad25aba8a12a3747148716a4118fdd5
-
SHA256
475f250a6228f34e779aadaa13a4751f2eff98d004208148dacf0bae2f7adfbb
-
SHA512
46ceba27de54b47994c9637ad19d6bc0875e878b82c36df037a17ecc64d13ecfa1ae17992e2c3000103fa6770d65c1d5d590466b776d12c42a1a223b7b0e9e22
-
SSDEEP
12288:dtOv6Ov5a1a8LreD4Hahkyh5WmpYshXZPbGwidNpgrS:dgima1a2eDxhkyh5WmD9idNp9
Score8/10-
Removes its main activity from the application launcher
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Tries to add a device administrator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Privilege Escalation
Abuse Elevation Control Mechanism
1Device Administrator Permissions
1