Overview

overview

10

Static

static

10

MyDiveDeals.apk

android-9-x86

8

MyDiveDeals.apk

android-10-x64

7

MyDiveDeals.apk

android-11-x64

8

08eba805c9...ac3.js

windows7-x64

1

08eba805c9...ac3.js

windows10-2004-x64

1

08eba805c9...002.js

windows7-x64

1

08eba805c9...002.js

windows10-2004-x64

1

144.9655be...unk.js

windows7-x64

1

144.9655be...unk.js

windows10-2004-x64

1

68.a0c7b2ab.chunk.js

windows7-x64

1

68.a0c7b2ab.chunk.js

windows10-2004-x64

1

7.d78e4aac.chunk.js

windows7-x64

1

7.d78e4aac.chunk.js

windows10-2004-x64

1

AFFIN.html

windows7-x64

1

AFFIN.html

windows10-2004-x64

1

AM.html

windows7-x64

1

AM.html

windows10-2004-x64

1

AM_Pass.html

windows7-x64

1

AM_Pass.html

windows10-2004-x64

1

Alliance.html

windows7-x64

1

Alliance.html

windows10-2004-x64

1

Alliance_Pass.html

windows7-x64

1

Alliance_Pass.html

windows10-2004-x64

1

BI.html

windows7-x64

1

BI.html

windows10-2004-x64

1

BSN.html

windows7-x64

1

BSN.html

windows10-2004-x64

1

CC.html

windows7-x64

1

CC.html

windows10-2004-x64

1

CCValidate_fred.js

windows7-x64

1

CCValidate_fred.js

windows10-2004-x64

1

CIMB.html

windows7-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    MyDiveDeals.apk

  • Size

    12.2MB

  • Sample

    230712-n31jtsda56

  • MD5

    671c728d18118d4064fa288eed506120

  • SHA1

    6c077de62b37aff28f617e8db587de05f2bf374d

  • SHA256

    a539d549b03f5846cdd76ab199d755cee4004a24545d113f816772fd63b282dd

  • SHA512

    2223a1b360e6dddb58168aed5bf607f81bfb01de6f9a799a40ebc75e639506eb2866606d66700e5f64f6b491334369b6c0bf00fc11d1e0252651c80503112293

  • SSDEEP

    196608:+cs2JzyH9xcw34Tq1L0v5o2Tr7+2L/YuXgSulo9qUHB1OKcLRvLr2pWsUsS:nssIxcHoL0v5TS2LQ96h1OKctvLipW7

Score
10/10
spynoteandroidbankerevasion

Malware Config

Extracted

Family

spynote

C2

103.167.199.111:7771

Targets

    • Target

      MyDiveDeals.apk

    • Size

      12.2MB

    • MD5

      671c728d18118d4064fa288eed506120

    • SHA1

      6c077de62b37aff28f617e8db587de05f2bf374d

    • SHA256

      a539d549b03f5846cdd76ab199d755cee4004a24545d113f816772fd63b282dd

    • SHA512

      2223a1b360e6dddb58168aed5bf607f81bfb01de6f9a799a40ebc75e639506eb2866606d66700e5f64f6b491334369b6c0bf00fc11d1e0252651c80503112293

    • SSDEEP

      196608:+cs2JzyH9xcw34Tq1L0v5o2Tr7+2L/YuXgSulo9qUHB1OKcLRvLr2pWsUsS:nssIxcHoL0v5TS2LQ96h1OKctvLipW7

    Score
    8/10
    bankerevasion

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

      banker

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion
    behavioral1behavioral2behavioral3

    • Target

      08eba805c9ab2000a0a618d12adac1d62c01b41a62b2f86c7babe9f0ccbb3ac3

    • Size

      282KB

    • MD5

      3c70da50f1a289bc641fdebba968699f

    • SHA1

      9ac351700c953c70215281efb358f0d530a7bfd0

    • SHA256

      f7decbaa0fda6e98f40f24629e45fdde0d65d5ec755957399bd33d845647705b

    • SHA512

      69829c84f48d5d751512ba7c325826b01cb33863642df4ce59ac1c5c59d2b2552a8d3df0a27b477c6c78eb8b17d2edb284c40e3df0305be1dc90856c9e3717b1

    • SSDEEP

      6144:6T0xv1VSB8OUfajjPKO7fcmlGMLEFhpyeAOMwyc9JX2:6T0wK2km1AFhIcG

    Score
    1/10
    behavioral4behavioral5

    • Target

      08eba805c9ab2000a0a618d12adac1d62c01b41a62b2f86c7babe9f0ccbb_002

    • Size

      51KB

    • MD5

      c2e3dd5a6731ab68f051021eff499f4f

    • SHA1

      6739b37fb552d92db4ca07e5f25e783950b0ec75

    • SHA256

      552f179b8856e5355d6d5865abf56d10af6a0e698c3a8ea2b5610c459fbe37a3

    • SHA512

      e3f0632e47196d4107d15dcbc13b8ee84e2aa83d666deab9da9714d73ddfb7d68f871e90e9be56c43b20ea6e013a064698ebc5d2a8e58ef9eaee1ef4439643b5

    • SSDEEP

      768:C6Kb48Wh9ByAoz6QlpdczCgTJxf53wQ+qv+dgUCn91yiHHNYF5CgPVPCwJ9FYDdX:2ypozhlpduHxf4qBUC9Z6FEMZLJkDdX

    Score
    1/10
    behavioral6behavioral7

    • Target

      144.9655bebefd6cee9a3bec.chunk.js.download

    • Size

      116KB

    • MD5

      812143ad8985522f1631eed13e442084

    • SHA1

      a57b8e451ff1855cdeb62d1e0a5c7c58e4d69f1b

    • SHA256

      a8d17ef8913996e3a6ed1ec74c4e90d3e21246d09b2abdbf1d3b40a3332a3b13

    • SHA512

      76caf519ece6b4a68a726f4305a3eca93fc0566d5036d8b8ed431ba16af9dca810b4461941daaa9124ffec70e83bfc2bf32719858d3842ab7b2cfe40f1eaf374

    • SSDEEP

      768:5KHO/V5RrNAQmb60I6RQD9POdEjkO9YoIZKiu31dfhhO+E1vX/QS8IsVMqZbmZym:5Hv4Q461D9PPj1yWcvvQAywiE

    Score
    1/10
    behavioral8behavioral9

    • Target

      68.a0c7b2ab.chunk.js.download

    • Size

      20KB

    • MD5

      adcc03acfc6a8d5108a2d48dc5b7a4df

    • SHA1

      6b79f71b335275886488353d24659d0af1272ae4

    • SHA256

      6b38e5991c3dcb5d7b4a9dfb3de2c3f13b1b7cae37f3fa9dde47dcc7ac488f12

    • SHA512

      ae8510c6a47fcc38cb7deff50699739c37a77a062fd7f2d5a31d378bb54d67b7243bd1f24811bf1655a3b4957be6fd6ee7d4d81ca7901d2510591f5843dcec63

    • SSDEEP

      384:Vk8HoQIQHq+xepjnAxaAKFNlwdf9hdhYyKSgW7I:uSj9xaAAAdf9hdhYyKSgeI

    Score
    1/10
    behavioral10behavioral11

    • Target

      7.d78e4aac.chunk.js.download

    • Size

      2.8MB

    • MD5

      6154741cc42aae2cae784c4251be0af7

    • SHA1

      166f24cdccc51142aaf7e6885a1fb43274ec1dd3

    • SHA256

      e4d8a17c998d1374c3618fc57dc86d54bad2010e5eb7cea76b546dbbc6e13455

    • SHA512

      ec9f1813c97c49b215b7fe8877254bc848c288560f04cafac9535389eef33b62d61016034669af65c9b0631907707a56620fa0b4941f6dc931ab09ad2e5a8f05

    • SSDEEP

      24576:dUguqqMOrG/KMiXkPG1jI4wRMMV1xSXRUqWRIH+dLJ55goWV19:dUXG/KMiXkPG1SV1xmRUqWRIKRWV19

    Score
    1/10
    behavioral12behavioral13

    • Target

      AFFIN.html

    • Size

      540KB

    • MD5

      4adb19fa2579714df9416770c1584ced

    • SHA1

      646790aec3c039ff6a63e40ce092f124b36b90a2

    • SHA256

      31abd336b8c6416dd6a66885c13a693a456beb40b388d36b6583344fb28ddb96

    • SHA512

      984da0cce454aaadb48737db0ef719d9fcc0c2c75ec7e94967984f86e9db3807321dc09150b062f23c6fe483154f698008f847edc9dd53d16161ad5e76b1fe7d

    • SSDEEP

      1536:lpvD6TRYC+ETujk1+H5a2FJibY+mjU2R+Wr6XNLpRvhTWAn1+yCK+HCvG7HRLVSt:lZY

    Score
    1/10
    behavioral14behavioral15

    • Target

      AM.html

    • Size

      223KB

    • MD5

      2be390d456ff284109c4482ebc04e275

    • SHA1

      d20c7c773a13161f850f2bd51fdbf8b1cf6b06c7

    • SHA256

      34516f0631ce2b6a9bec0b6bc3c425f031f70312bcb7d7b1dec05fef911bfcd6

    • SHA512

      c95fb4f89a128b209d9e5aa4bb619f04d808f404f072e456507b52592e4079d423444a36216621092a59bfb154e2622a41e2fe45de329e6d1619fc90c68087b7

    • SSDEEP

      1536:xO8oVE7Ew/2LUb0kqMWUn3mcubpLzWFlofQpZrsyq5Uvcf:xO8oVE7EwgUInC3WooSvcf

    Score
    1/10
    behavioral16behavioral17

    • Target

      AM_Pass.html

    • Size

      222KB

    • MD5

      940843f8dc86ee10fc6a9162a73d2f0c

    • SHA1

      33cc6f2793219f060ad6e108758c6b058cfca5d7

    • SHA256

      6c590f0990cc1a84ce9766bc20f8785caf231b095403909284c3fd6cfb356c0a

    • SHA512

      5b212ac041bf30d5232cc5adc1cca5f3eb3d7ffbd2a3fcb0b78f79660b16b3b0f97edd98e784c0933676968c2b3e870bb9b940af949ed9bbadee32a857e23178

    • SSDEEP

      1536:xO8oVE7Ew/2LUb0kqMWUn3mcubpLzWFlofQpZrsyq5UvcJ:xO8oVE7EwgUInC3WooSvcJ

    Score
    1/10
    behavioral18behavioral19

    • Target

      Alliance.html

    • Size

      13KB

    • MD5

      afc5a746bd6b54e8cc95059b5c260e60

    • SHA1

      d56066577be2cd9e5b81d484003fa21443140c52

    • SHA256

      68af3dc6da765e71d4e5ad93e8d65a154f9378ffc47e7ef6c2f80d8d00fb5901

    • SHA512

      baa523592764de7ec8512b31b443da670d68f2aa0be0f94d1ef4b8f952125e2901bba1e415b72452895af449f243ecb3b809d4224c4d01c47bbe3ae2ea5a6e99

    • SSDEEP

      192:3lGVbQ9z74foZ2QZxTguP3UjuCSYbMBI4xUbRt8nf+CcB8Nsrhave:VlK2lUuP8o24cB8KrhaG

    Score
    1/10
    behavioral20behavioral21

    • Target

      Alliance_Pass.html

    • Size

      14KB

    • MD5

      5f474e5b8fe099d3d1bea1f1a5b358a2

    • SHA1

      f98f320475a910032517404e58b6a51bb92e5a8f

    • SHA256

      81199facb6ebc6af6cbe58b60903b44b1e93079d4f62485f35080237af8ee521

    • SHA512

      5d3bd4dce350e655df2d108e2cb27c689be87e7503ede053d768a61d0b8efdfba5f5e043e0179c649b8abdc634cffd6b7bc3b9890970afe627d23dfb8160efcb

    • SSDEEP

      384:BCyngv9Rn5hG/X4RYRltRqMAyX+8WLLaX11WggcM2sds7sbWLhGr:BVnIzUFlgcwr

    Score
    1/10
    behavioral22behavioral23

    • Target

      BI.html

    • Size

      5KB

    • MD5

      513a625756b0169b4a0f2bdffc253d04

    • SHA1

      1af5ecb2bd68ac591dfbdc9622b05eeed195cb3a

    • SHA256

      5bd69ea833908259c2e355884504f903479833b753c30ac5cb0578fe3759ea6f

    • SHA512

      2eab69bca6e6f1ea21b533feb0a70c93d087456107cf153b6706995ce3a2b96c90bf8e02c4072bd60da9d1a9eafed9ea1d6fa5171ce4e4ba2f626bb24e106a7c

    • SSDEEP

      96:y+didlb4Mb9QlsMLnymLI80ute75E4yvK05M:DalbxQls0yyYaRyv

    Score
    1/10
    behavioral24behavioral25

    • Target

      BSN.html

    • Size

      7KB

    • MD5

      b24be79adda1bd97b70c23023e99285f

    • SHA1

      b55ba88e823eb3a95797c416b2ff80d7be6c1689

    • SHA256

      5f499bc8163c7ec6cbb60ff4405d668700daa8766286e3836210f90a9dc70c38

    • SHA512

      00e4d04123fa0f77f9e863605bce5864ad39deb647c176d887af2527d93bca5b7f87c3cecfb4ea50ef9513a06148b5381da7cecfaa16559e33178205d3a199b5

    • SSDEEP

      48:RJJBmgFWGj6TdGruKvbSQHj+M63vJBnOsNXKjtWP4RC5Q:OwWG+RSvbHjQvr4jEPGC5Q

    Score
    1/10
    behavioral26behavioral27

    • Target

      CC.html

    • Size

      8KB

    • MD5

      a33b827296943760b5e0b0da198ff669

    • SHA1

      4f0f24bf46a809a5b44f83ab593dc99ee35e1f90

    • SHA256

      cc3154a9ccb43085441e5f0a9e9fc9eaeef353110a0e4790e9c9e1027806936f

    • SHA512

      35f5f5f93d504b366fe982e5118b91d89fa464be6c90ce00b85ccc32d66aa07c79c448f3463cc72636ef5e273ab6a94fdb87d147cc549c37953a56904309bed1

    • SSDEEP

      96:m4DBbAqRxOjJ9SdJhBbAqRxOjJ9SdJI0U34pUIY48iGP91iWwXE405pUrb:m4DBbAqRxO1EdJhBbAqRxO1EdJIR3S7H

    Score
    1/10
    behavioral28behavioral29

    • Target

      CCValidate_fred.js.download

    • Size

      4KB

    • MD5

      0b23cce85b16545542d95d7315502e57

    • SHA1

      898ac2d2ab2f8535766394a034d335ab61ca04d1

    • SHA256

      7223e9f9ffc8390eebcb173b8769214815a8e8fef84e5617e7ce3a824e4144a3

    • SHA512

      73770d2dab0636a3dbdaa4c6a4c3bf10cdd93d6fd8c1e4fac0bbad0512e29b68370057e9125810304bf0f8976f318a3259acc7211ac65ce4a3dead67172b2f4c

    • SSDEEP

      48:kxuLksJyVdIjNPWXex7mk1+fo4ix2+99tFSnC2OEuPvAcPFRx0QWJyiCo6LJwTks:kxm3Hpx74ix2+XSbI42R3pbh1fId5

    Score
    1/10
    behavioral30behavioral31

    • Target

      CIMB.html

    • Size

      22KB

    • MD5

      211073bb8d931f4486adf4a4225659c0

    • SHA1

      8decb92a631781860001f9541120b42349e96d1e

    • SHA256

      656edc5c455fd633be7c3b026b24e2adf2079ac2bad3d520551ff04e42ffb448

    • SHA512

      da5ecbdaf0bf36673c151ac2398a16871d66ae1b5176a4a14694f5476b0ae2d182b9d800688a4e50b1ccdce14e8d04684ddf04b34ce39bb268cdbc536aaae0e8

    • SSDEEP

      384:bQ3zPtlUFBDtt1OpVkVEBNEkKcKrwtO35s/wtHU+koFGTYpY3uo/wtiVrtcMtTal:UDPt60zR2nEuvrlV

    Score
    1/10
    behavioral32

MITRE ATT&CK Enterprise v6

Tasks

static1

spynote
Score
10/10

behavioral1

bankerevasion
Score
8/10

behavioral2

Score
7/10

behavioral3

Score
8/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10