File Identity
| SHA256 | 87def7f445734b4b4f532e46b6b058f5b0f8b74085ef90d812cf83a29c84b4e |
|---|---|
| File Name | ready.apk |
| Platform | Android APK |
| Size | 704,893 bytes |
| String Count | 3,204 |
Plaintext C2 -- VERIFIED
everspy.ru <-- SpyNote C2 domain (PLAINTEXT)
Android RAT UI Evidence
user-select: none; (CSS) webkit-inner-spin (WebKit CSS) -- HTML/CSS of a WebView-based Android control panel
About SpyNote
SpyNote is an Android RAT family that has been active since 2016. It provides camera/microphone access, GPS location, SMS/call log access, screen viewing, application listing, and file upload/download. Because it hosts its C2 panel on a .ru domain, it has been associated with actors of Eastern European/Russian origin.
IOC
| SHA256 | 87def7f445734b4b4f532e46b6b058f5b0f8b74085ef90d812cf83a29c84b4e |
|---|---|
| C2 | everspy.ru |
| Platform | Android APK |
SpyNote — Malware Profile
SpyNote Android RAT (SpyMax/CypherRAT). com.clean.exchanges.xyz fake crypto. Genymotion vbox86p emulator detection. Telegram C2.
Technical Details
Java/Kotlin (Android), broadcast receiver persistence, SMS/contact stealer, camera/mic access, location tracking, keylogger (Accessibility Service), remote shell, screen record, banking app overlay
Capabilities & Behavior
IOC List (1 indicators)
# DOMAIN
everspy.ru
| Type | Value | Note |
|---|---|---|
| domain | everspy.ru | |
C2 Servers (1 recorded servers for this family)
| Address | Type | Port | Protocol | Status | Country |
|---|---|---|---|---|---|
| everspy.ru | domain | — | TCP | inactive | — |
C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.