Overview

overview

10

Static

static

7

26cf03ea89...57.apk

android-9-x86

10

26cf03ea89...57.apk

android-10-x64

10

26cf03ea89...57.apk

android-11-x64

10

Analysis

  • max time kernel
    1068429s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
  • submitted
    13-10-2023 00:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26cf03ea897b5a3cda9b1b6c68038e39a739cc0ab386572072be64686a4cf757.apk

  • Size

    880KB

  • MD5

    2bded47baab3fac7d1ccc9e1e5e3ad35

  • SHA1

    d2c329e1385946b128e60392d384c5131313d679

  • SHA256

    26cf03ea897b5a3cda9b1b6c68038e39a739cc0ab386572072be64686a4cf757

  • SHA512

    42b6b40a5d4280e4760dfa8f47e69bf81c4a0791df0f261c1c5c4ae9b8b9b8405bfe1896b752a311fefd2e0f767855038bcd94528eb58d81a3430a45661a65a1

  • SSDEEP

    12288:/tbB1kaJ8nwXigoox75jEbQHYyuG9mVDqZgj74t:/NEaJ8oSEKWQq2/4t

Score
10/10
spynotebankerinfostealerrattrojan

Malware Config

Extracted

Family

spynote

C2

16.ip.gl.ply.gg:23450

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

    bankertrojaninfostealerratspynote
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • waiver.casio.transcript
    1⤵
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:4149

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/waiver.casio.transcript/app_mph_dex/dp.kotlin-v1.lua.mph
    Filesize

    1.4MB

    MD5

    39fcb4d588a8f1afb2ba5336f9d6568e

    SHA1

    0596d168613fcaef54076ae7aa5e6f8a404c9f9f

    SHA256

    366325dc67d8193e615fc5366eae9241c0ef28a643f9f2fb1110840a68210183

    SHA512

    4b8ff35641e97410c617edc3ac3413598942c9b413952bc956126cc8fa391a7daaa9062afd8c05c97d7fa166751aebba8405bf032902b45ca9912efaa5ec080a

    Download Submit
  • /data/user/0/waiver.casio.transcript/app_mph_dex/dp.kotlin-v1.lua.mph
    Filesize

    1.4MB

    MD5

    39fcb4d588a8f1afb2ba5336f9d6568e

    SHA1

    0596d168613fcaef54076ae7aa5e6f8a404c9f9f

    SHA256

    366325dc67d8193e615fc5366eae9241c0ef28a643f9f2fb1110840a68210183

    SHA512

    4b8ff35641e97410c617edc3ac3413598942c9b413952bc956126cc8fa391a7daaa9062afd8c05c97d7fa166751aebba8405bf032902b45ca9912efaa5ec080a

    Download Submit
  • /data/user/0/waiver.casio.transcript/app_mph_dex/dp.kotlin-v1.lua.mph
    Filesize

    1.4MB

    MD5

    39fcb4d588a8f1afb2ba5336f9d6568e

    SHA1

    0596d168613fcaef54076ae7aa5e6f8a404c9f9f

    SHA256

    366325dc67d8193e615fc5366eae9241c0ef28a643f9f2fb1110840a68210183

    SHA512

    4b8ff35641e97410c617edc3ac3413598942c9b413952bc956126cc8fa391a7daaa9062afd8c05c97d7fa166751aebba8405bf032902b45ca9912efaa5ec080a

    Download Submit