Overview

overview

10

Static

static

10

google.apk

android-9-x86

8

google.apk

android-10-x64

7

google.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    google.apk

  • Size

    3.0MB

  • Sample

    230815-ht8wysbc91

  • MD5

    c2de908e9d5866de3ee126b60ea06aad

  • SHA1

    7d2f732c480d5da43ece71eb4214c50e30c51ff6

  • SHA256

    21ee2bbe6babe6b4e98f88649d8b200aa6fcb6822722e01dc467a7c3b628d896

  • SHA512

    75176f8da47a2a923c2c43a41be3c87ec4dce2186050efde141de26f1580465ab0a61625dbd2afa39f9c9412d2d2308f5a7c386b1e91276bace6e0cccfbd8453

  • SSDEEP

    12288:OVnEONTUIUM9GhLnKaU2mGOxF9HukGCbJvt+6iuoxRmJqX9eHN1abVWiwsgAWY3:RAUHhn/RmJ5H5bJ1iuoxx9e2fl3

Score
10/10
spynoteandroidbankerevasion

Malware Config

Extracted

Family

spynote

C2

175.41.21.43:1151

Targets

    • Target

      google.apk

    • Size

      3.0MB

    • MD5

      c2de908e9d5866de3ee126b60ea06aad

    • SHA1

      7d2f732c480d5da43ece71eb4214c50e30c51ff6

    • SHA256

      21ee2bbe6babe6b4e98f88649d8b200aa6fcb6822722e01dc467a7c3b628d896

    • SHA512

      75176f8da47a2a923c2c43a41be3c87ec4dce2186050efde141de26f1580465ab0a61625dbd2afa39f9c9412d2d2308f5a7c386b1e91276bace6e0cccfbd8453

    • SSDEEP

      12288:OVnEONTUIUM9GhLnKaU2mGOxF9HukGCbJvt+6iuoxRmJqX9eHN1abVWiwsgAWY3:RAUHhn/RmJ5H5bJ1iuoxx9e2fl3

    Score
    8/10
    bankerevasion

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

      banker

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Removes a system notification.

      evasion
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks