General
-
Target
client.apk
-
Size
760KB
-
Sample
250330-mycrjazj17
-
MD5
e3e4c9730579624ff04922b80fc5e769
-
SHA1
0aef084fe781390770e5accd1122d93f8c79b9ee
-
SHA256
6f74e53dcded8a518123706acb966f84e53433be94cbe765e1d0bb1603b68282
-
SHA512
09c81900a31d9add6abb3b0392616d8c7972f41d07b7fe3088a6516ee7e9e0ce9dd5d570c066192865ca677f36284db420c5faa5206369a6e6cfab5e5622c2fc
-
SSDEEP
12288:pD6xvvIa1a8LVeb0zmpw6V5WmpYshXZPbGwidNpgj1:pD6xYa1aKebdpw6V5WmD9idNpe
Malware Config
Extracted
spynote
127.0.0.1:4040
Targets
-
-
Target
client.apk
-
Size
760KB
-
MD5
e3e4c9730579624ff04922b80fc5e769
-
SHA1
0aef084fe781390770e5accd1122d93f8c79b9ee
-
SHA256
6f74e53dcded8a518123706acb966f84e53433be94cbe765e1d0bb1603b68282
-
SHA512
09c81900a31d9add6abb3b0392616d8c7972f41d07b7fe3088a6516ee7e9e0ce9dd5d570c066192865ca677f36284db420c5faa5206369a6e6cfab5e5622c2fc
-
SSDEEP
12288:pD6xvvIa1a8LVeb0zmpw6V5WmpYshXZPbGwidNpgj1:pD6xYa1aKebdpw6V5WmD9idNpe
Score8/10-
Removes its main activity from the application launcher
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Tries to add a device administrator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Privilege Escalation
Abuse Elevation Control Mechanism
1Device Administrator Permissions
1