Overview

overview

10

Static

static

7

26cf03ea89...57.apk

android-9-x86

10

26cf03ea89...57.apk

android-10-x64

10

26cf03ea89...57.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    26cf03ea897b5a3cda9b1b6c68038e39a739cc0ab386572072be64686a4cf757.bin

  • Size

    880KB

  • Sample

    231013-anv4xafg7w

  • MD5

    2bded47baab3fac7d1ccc9e1e5e3ad35

  • SHA1

    d2c329e1385946b128e60392d384c5131313d679

  • SHA256

    26cf03ea897b5a3cda9b1b6c68038e39a739cc0ab386572072be64686a4cf757

  • SHA512

    42b6b40a5d4280e4760dfa8f47e69bf81c4a0791df0f261c1c5c4ae9b8b9b8405bfe1896b752a311fefd2e0f767855038bcd94528eb58d81a3430a45661a65a1

  • SSDEEP

    12288:/tbB1kaJ8nwXigoox75jEbQHYyuG9mVDqZgj74t:/NEaJ8oSEKWQq2/4t

Score
10/10
spynoteandroidbankerinfostealerrattrojan

Malware Config

Extracted

Family

spynote

C2

16.ip.gl.ply.gg:23450

Targets

    • Target

      26cf03ea897b5a3cda9b1b6c68038e39a739cc0ab386572072be64686a4cf757.bin

    • Size

      880KB

    • MD5

      2bded47baab3fac7d1ccc9e1e5e3ad35

    • SHA1

      d2c329e1385946b128e60392d384c5131313d679

    • SHA256

      26cf03ea897b5a3cda9b1b6c68038e39a739cc0ab386572072be64686a4cf757

    • SHA512

      42b6b40a5d4280e4760dfa8f47e69bf81c4a0791df0f261c1c5c4ae9b8b9b8405bfe1896b752a311fefd2e0f767855038bcd94528eb58d81a3430a45661a65a1

    • SSDEEP

      12288:/tbB1kaJ8nwXigoox75jEbQHYyuG9mVDqZgj74t:/NEaJ8oSEKWQq2/4t

    Score
    10/10
    spynotebankerinfostealerrattrojan

    • Spynote

      Spynote is a Remote Access Trojan first seen in 2017.

      bankertrojaninfostealerratspynote

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks