General

  • Target

    0e66bf35dc82a777e4957dc767b77fba.apk

  • Size

    10.3MB

  • Sample

    231106-mnsp1acb62

  • MD5

    0e66bf35dc82a777e4957dc767b77fba

  • SHA1

    6a0eca4a9f6e7fa8f74f85cdba11fb91d29ba19b

  • SHA256

    04bf3e009a515b428459aff7beddd6c9d0c8593fd9a44af0aca5caa9b04317ea

  • SHA512

    c7ebe344cc7757eb5b36a4ab76a90e0dba5b4ef705edf362a45e6373a602de7e86dc7e0e081b95116b46a3b6dde146980388715266eba48ab97355e500a81726

  • SSDEEP

    98304:4z34RVvmbqMOizRAlUUaFw45j4hH8iO+mzDzBXTR0tUgzYaN:KYVvmhAlhaW4147OZztuTT

Malware Config

Extracted

Family

spynote

C2

178.236.247.124:7771

Targets

    Score
    8/10
    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.
