spynote | 712d71b6cb599f34f9404a3b7043b7e62ab6ffc20a8cd0ef5ecd0b08eb45a495 | Triage

Submit
Reports

Overview

overview

Static

static

ready.apk

android-10-x64

8

Sharing

General

Target

ready.apk
Size

6.2MB
Sample

230912-eaachadf46
MD5

8cc0497abcf026e4248c8d5d079a2736
SHA1

3d37f390f1de38e61facc2085db5b7c8a0b82961
SHA256

712d71b6cb599f34f9404a3b7043b7e62ab6ffc20a8cd0ef5ecd0b08eb45a495
SHA512

c32b4a4fc4aac49762b2da664efefa48dfeaa49c16080d02b49ebe790bba1e90e003b46b1eb5bb4c26e3f99f83695b24ad21cc47e06ea2efd1c115d2a8b64cbb
SSDEEP

24576:AR0JVRvwmn9XKngQpyLgVuh55oEWQ1KJlxpfzO92Q:VNwmnMnzwdh7x/sZo

Score

10^/10

spynote android banker evasion

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ready.apk

Resource

android-x64-20230831-en

android-10-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

spynote

C2

fee-harmful.gl.at.ply.gg:41934

Targets

- Target
  
  ready.apk
- Size
  
  6.2MB
- MD5
  
  8cc0497abcf026e4248c8d5d079a2736
- SHA1
  
  3d37f390f1de38e61facc2085db5b7c8a0b82961
- SHA256
  
  712d71b6cb599f34f9404a3b7043b7e62ab6ffc20a8cd0ef5ecd0b08eb45a495
- SHA512
  
  c32b4a4fc4aac49762b2da664efefa48dfeaa49c16080d02b49ebe790bba1e90e003b46b1eb5bb4c26e3f99f83695b24ad21cc47e06ea2efd1c115d2a8b64cbb
- SSDEEP
  
  24576:AR0JVRvwmn9XKngQpyLgVuh55oEWQ1KJlxpfzO92Q:VNwmnMnzwdh7x/sZo
Score

8^/10

banker evasion
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Removes a system notification.
  evasion
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy