spynote | 772c84379e3052b184041befcb20a1454b61a7fffb1cfaeb864bf68cb684d67e | Triage

Resubmissions

01-11-2023 01:32

231101-bye14sgf6y 10

Sharing

General

Target

231002-n4nlnaab6y_pw_infected.zip
Size

577KB
Sample

231101-bye14sgf6y
MD5

f7bc73644dadf68fc02b472a671f0e79
SHA1

045f8964e540c6d1707796fbbdad78d8c941226a
SHA256

772c84379e3052b184041befcb20a1454b61a7fffb1cfaeb864bf68cb684d67e
SHA512

183342a370c8f3372a463b807b0b255a5972a13ca16755503204d8dd7401c082e04b3c7c80f9aeb333144f6d02eb2197b96af84c5d3f88912c7f1894d1227bbe
SSDEEP

12288:9Izgq1W0sd1zdqf/eftNd2PNN5m+fhFLCznOyo+MFxBKIl6SRUC:9KWfkXeHdms+ZFLCzOt+MFxBKIxCC

Score

10^/10

spynote android evasion stealth trojan

Malware Config

Extracted

Family

spynote

C2

104.233.160.107:1151

Targets

- Target
  
  Grab And GO v1.73.apk
- Size
  
  7.9MB
- MD5
  
  ac34306769579abd4e586879c10cba4f
- SHA1
  
  de091cd542c59ea8fb663aaa74c5605055c8abfc
- SHA256
  
  5643dc5315cced7c71ddd3451763cefb829d786246d3cb2bfbed2d4ddb39bcf8
- SHA512
  
  82fb1148173cfcbae669cae3fdc9266d5322b792e7ae80bc04fe0eafd521d8e085e959f29f3c746ea767a6f84d6106db33ed7faa4a9cc75f38314043e6facf02
- SSDEEP
  
  12288:DNe5uBN2jzdpR/v+2I2uHq++JKDG2cnYzQeBol+GbDrbBOalGpJ2lkU9qzYCEg:6uuzdpR/I2yq+aKDG2yYz/SfXB4cCEg
Score

8^/10

evasion stealth trojan
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

evasionstealthtrojan

behavioral2

evasionstealthtrojan

behavioral3

evasionstealthtrojan