spymax | e408bb099256fd7a9ef1eed492b4eae2ada326a5a604b81894aa4cab76d191bc | Triage

Submit
Reports

Overview

overview

Static

static

njRAT Lime....0.apk

android-9-x86

8

Resubmissions

01-09-2023 14:11

230901-rhnajsfd44 10

01-09-2023 13:44

230901-q1wh7sfc72 10

Sharing

General

Target

njRAT Lime Edition 0.8.0.apk
Size

38KB
Sample

230901-q1wh7sfc72
MD5

1e418a62ec9e744f13ecdb6b476317e2
SHA1

10e7ad4d7ba1fa6785c481428e33d9cbc8e9381e
SHA256

e408bb099256fd7a9ef1eed492b4eae2ada326a5a604b81894aa4cab76d191bc
SHA512

f29e4555911007e3ce5371b65942d0bd1a1eb2d61f6dd12a30705bc98f3e6fd62726e4e9d75dacf68f4cb7027c276b0790e5662bb46ad83dc168bd1f097abab9
SSDEEP

768:EqBgi6rnRd3NF30C38lHw05BPWYFcfuYDO7cyFiw84uullnf:EqBgvn73NFdmx/PRbYCUw84uylf

Score

10^/10

spymax android banker stealth trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

njRAT Lime Edition 0.8.0.apk

Resource

android-x86-arm-20230831-en

banker stealth trojan

android-9-x86

8 signatures

1800 seconds

Malware Config

Extracted

Family

spymax

C2

5.tcp.eu.ngrok.io:10227

Targets

- Target
  
  njRAT Lime Edition 0.8.0.apk
- Size
  
  38KB
- MD5
  
  1e418a62ec9e744f13ecdb6b476317e2
- SHA1
  
  10e7ad4d7ba1fa6785c481428e33d9cbc8e9381e
- SHA256
  
  e408bb099256fd7a9ef1eed492b4eae2ada326a5a604b81894aa4cab76d191bc
- SHA512
  
  f29e4555911007e3ce5371b65942d0bd1a1eb2d61f6dd12a30705bc98f3e6fd62726e4e9d75dacf68f4cb7027c276b0790e5662bb46ad83dc168bd1f097abab9
- SSDEEP
  
  768:EqBgi6rnRd3NF30C38lHw05BPWYFcfuYDO7cyFiw84uullnf:EqBgvn73NFdmx/PRbYCUw84uylf
Score

8^/10

banker stealth trojan
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Requests cell location
  Uses Android APIs to to get current cell location.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Makes a phone call.
- Reads information about phone network operator.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bankerstealthtrojan

© 2018-2024

Terms | Privacy