General
Target: client.apk
Size: 760KB
Sample: 250330-nccp3szlw9
MD5: 6fc9294f3dd37a2fa0fbf869e5c6df8d
SHA1: f61bbdae56f02f2ac60f607cf3e47e664e6ec219
SHA256: 1b083b1514fbbf0b1488a680a1f7f388620acbae4503ef28b3b1a5758fb97421
SHA512: 138921c008ed51a8fb35af95d021a0b356ddd93ed702b33ed6af66453446d40edd5d801d2e5e9067aef5cec7fdd724bfad68670d14dbde2e55780e413166f8e4
SSDEEP: 12288:8DZoa1a8LdeCvcHovx95WmpYshXZPbGwidNpgx6:8Ca1a6eCqovx95WmD9idNpP
Behavioral task: behavioral1
Sample: client.apk
Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
Sample: client.apk
Resource: android-x64-20240910-en
Behavioral task: behavioral3
Sample: client.apk
Resource: android-x64-arm64-20240910-en
Malware Config
Extracted
spynote
4.tcp.eu.ngrok.io:13556
Targets
Target: client.apk
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
Tries to add a device administrator.
MITRE ATT&CK Mobile v15
Persistence
  Event Triggered Execution: 1
    Broadcast Receivers: 1
  Foreground Persistence: 1
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Device Administrator Permissions: 1