spynote | d90c0971f2377c01e97ae5a5fa39b174dcbd9915e4a5044bd6789c179706ccdf | Triage

Sharing

General

Target

STandoffGOLDA (1).apk
Size

760KB
Sample

231013-1p59daeb28
MD5

6902f2ad3987835b1187ebf93e69e804
SHA1

42fda334335d69fe8d7dc4d12ecede00abd68a8c
SHA256

d90c0971f2377c01e97ae5a5fa39b174dcbd9915e4a5044bd6789c179706ccdf
SHA512

7d7e9c0262623427eeeafeb96e55b80e7e3e95e4f917642500f1e3bbf314abc1458316f6978b0b16c62bef6b66d609d8ee797ee6870a0a847ccbda034b805ca3
SSDEEP

12288:SRjom0a1a8LzeJjph1v+c5WmpYshXZPbGwidNpgU:Sd0a1ameJb1v+c5WmD9idNpD

Score

10^/10

spynote android banker

Malware Config

Extracted

Family

spynote

C2

2.tcp.eu.ngrok.io:12736

Targets

- Target
  
  STandoffGOLDA (1).apk
- Size
  
  760KB
- MD5
  
  6902f2ad3987835b1187ebf93e69e804
- SHA1
  
  42fda334335d69fe8d7dc4d12ecede00abd68a8c
- SHA256
  
  d90c0971f2377c01e97ae5a5fa39b174dcbd9915e4a5044bd6789c179706ccdf
- SHA512
  
  7d7e9c0262623427eeeafeb96e55b80e7e3e95e4f917642500f1e3bbf314abc1458316f6978b0b16c62bef6b66d609d8ee797ee6870a0a847ccbda034b805ca3
- SSDEEP
  
  12288:SRjom0a1a8LzeJjph1v+c5WmpYshXZPbGwidNpgU:Sd0a1ameJb1v+c5WmD9idNpD
Score

8^/10

banker
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3