spynote | 7cc54014207bdd46685eee88130db3ac61f38414233eacb254c8d693a438c620 | Triage

Sharing

General

Target

client.apk
Size

760KB
Sample

231013-1xtwbaec53
MD5

7cb986e89d2d6c6b1b714d8408bf376c
SHA1

b1f104c6024917546e96194986acde09fa0091f2
SHA256

7cc54014207bdd46685eee88130db3ac61f38414233eacb254c8d693a438c620
SHA512

ab2387c9c9815a6401118e29a51b72d85b9a94de1c3121d4a49bf8ef5caedd525dcf8b9b3add45dbf66dc3b4b0f6ec9c155a494aa062fb725a9b6589d878fd87
SSDEEP

12288:HbOsxEa1a8Lre9cdcbGYwn5WmpYshXZPbGwidNpgAx:H6na1a2e9NbGYwn5WmD9idNpv

Score

10^/10

spynote android banker

Malware Config

Extracted

Family

spynote

C2

0.tcp.eu.ngrok.io:15753

Targets

- Target
  
  client.apk
- Size
  
  760KB
- MD5
  
  7cb986e89d2d6c6b1b714d8408bf376c
- SHA1
  
  b1f104c6024917546e96194986acde09fa0091f2
- SHA256
  
  7cc54014207bdd46685eee88130db3ac61f38414233eacb254c8d693a438c620
- SHA512
  
  ab2387c9c9815a6401118e29a51b72d85b9a94de1c3121d4a49bf8ef5caedd525dcf8b9b3add45dbf66dc3b4b0f6ec9c155a494aa062fb725a9b6589d878fd87
- SSDEEP
  
  12288:HbOsxEa1a8Lre9cdcbGYwn5WmpYshXZPbGwidNpgAx:H6na1a2e9NbGYwn5WmD9idNpv
Score

8^/10

banker
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3