spynote | 7e8a66852594a9789e1db2580dd5ed3a5be74684f2fd121a75e38f3a4954beab | Triage

Sharing

General

Target

ready.apk
Size

1.9MB
Sample

230911-1by8xabe59
MD5

025e03b86cc4ba86493846f520b54cad
SHA1

e7bf5eade97621895df0b9c72d69928feeee9c93
SHA256

7e8a66852594a9789e1db2580dd5ed3a5be74684f2fd121a75e38f3a4954beab
SHA512

99d226b342556d6e5a2d7edf8b42164c91648cd1ebb77eddd34307ca7d8a58be6ecc2c7d3530f24993f927249fd14b09d81212da8e5e0a2b768488377ed3ee8d
SSDEEP

12288:R5wwCuRnMIzwCbnLlG+rWwEfW+l5Wc7Xn45:RAsMIzwCbLlG3PfWJc7Xs

Score

10^/10

spynote android evasion stealth trojan

Malware Config

Extracted

Family

spynote

C2

fee-harmful.gl.at.ply.gg:0.tcp.sa.ngrok.io:41934:18968

Extracted

Family

spynote

C2

fee-harmful.gl.at.ply.gg:0.tcp.sa.ngrok.io:41934:18968

Targets

- Target
  
  ready.apk
- Size
  
  1.9MB
- MD5
  
  025e03b86cc4ba86493846f520b54cad
- SHA1
  
  e7bf5eade97621895df0b9c72d69928feeee9c93
- SHA256
  
  7e8a66852594a9789e1db2580dd5ed3a5be74684f2fd121a75e38f3a4954beab
- SHA512
  
  99d226b342556d6e5a2d7edf8b42164c91648cd1ebb77eddd34307ca7d8a58be6ecc2c7d3530f24993f927249fd14b09d81212da8e5e0a2b768488377ed3ee8d
- SSDEEP
  
  12288:R5wwCuRnMIzwCbnLlG+rWwEfW+l5Wc7Xn45:RAsMIzwCbLlG3PfWJc7Xs
Score

8^/10

evasion stealth trojan
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Legitimate hosting services abused for malware hosting/C2
- Removes a system notification.
  evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionstealthtrojan