Overview

overview

10

Static

static

10

ambev.2.1.apk

android-9-x86

8

ambev.2.1.apk

android-10-x64

6

ambev.2.1.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ambev.2.1.apk

  • Size

    3.8MB

  • Sample

    230610-1l2rsafh44

  • MD5

    55ff3a8221325989e7b37ae93aa00588

  • SHA1

    74f483df5ddca5e1bc322bc5d121627c9e96829f

  • SHA256

    9263a05f6ca2a1c9b52aa5a52cac5b5881745ff09ddd769f921ed306b32c5f6c

  • SHA512

    d3192f09bdb9a356adc1408f11546148059abe9aaa23c6d865d61760faee7fe4540de8ba4a2c9b49f488c3a1517debbf4b6ef5a9fa99774b056aebf3e985b488

  • SSDEEP

    12288:avpl2xk7BsXW8FXgnz6DD2NMUO2b2cSqrDZ1nm:avpl22NsjFXgnzZMUOuSq3vm

Score
10/10
spynoteandroidevasion

Malware Config

Extracted

Family

spynote

C2

1.tcp.sa.ngrok.io:21163

Targets

    • Target

      ambev.2.1.apk

    • Size

      3.8MB

    • MD5

      55ff3a8221325989e7b37ae93aa00588

    • SHA1

      74f483df5ddca5e1bc322bc5d121627c9e96829f

    • SHA256

      9263a05f6ca2a1c9b52aa5a52cac5b5881745ff09ddd769f921ed306b32c5f6c

    • SHA512

      d3192f09bdb9a356adc1408f11546148059abe9aaa23c6d865d61760faee7fe4540de8ba4a2c9b49f488c3a1517debbf4b6ef5a9fa99774b056aebf3e985b488

    • SSDEEP

      12288:avpl2xk7BsXW8FXgnz6DD2NMUO2b2cSqrDZ1nm:avpl22NsjFXgnzZMUOuSq3vm

    Score
    8/10
    evasion

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Legitimate hosting services abused for malware hosting/C2

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Removes a system notification.

      evasion
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks