spynote | 0f5026f939b7fe23af7eada837ea645dd2992d7514a5b0880a1679c2a908e9ca | Triage

Submit
Reports

Overview

overview

Static

static

ready.apk

android-10-x64

8

Sharing

General

Target

ready.apk
Size

2.7MB
Sample

231117-3q4s2sgg5t
MD5

a58f1babad5e36870c747e4bbf67f233
SHA1

11d59fe6e57544e3ac16c084cc07505b4901a6d3
SHA256

0f5026f939b7fe23af7eada837ea645dd2992d7514a5b0880a1679c2a908e9ca
SHA512

15b1c2ce03d7d0ff6795d2aed671dedfed79bd27d81c0f2215af2d9f8b0e4ff0e00a676e064c764bd98627b37f8613863520a9dafa827a4cddd38b64c2cf2105
SSDEEP

49152:3bF1MIp8lMlTRaJdSIjAfZOb29BKN9dALbQ7R4ChN/3IKjK6tuvLcSYHm5mR0h:3bF7p86lNauU6ZOb290GLbdChjuvLFYg

Score

10^/10

spynote android banker evasion

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ready.apk

Resource

android-x64-20231023.1-en

android-10-x64

5 signatures

1800 seconds

Malware Config

Extracted

Family

spynote

C2

language-partnership.gl.at.ply.gg:19982

Targets

- Target
  
  ready.apk
- Size
  
  2.7MB
- MD5
  
  a58f1babad5e36870c747e4bbf67f233
- SHA1
  
  11d59fe6e57544e3ac16c084cc07505b4901a6d3
- SHA256
  
  0f5026f939b7fe23af7eada837ea645dd2992d7514a5b0880a1679c2a908e9ca
- SHA512
  
  15b1c2ce03d7d0ff6795d2aed671dedfed79bd27d81c0f2215af2d9f8b0e4ff0e00a676e064c764bd98627b37f8613863520a9dafa827a4cddd38b64c2cf2105
- SSDEEP
  
  49152:3bF1MIp8lMlTRaJdSIjAfZOb29BKN9dALbQ7R4ChN/3IKjK6tuvLcSYHm5mR0h:3bF7p86lNauU6ZOb290GLbdChjuvLFYg
Score

8^/10

banker evasion
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Removes a system notification.
  evasion
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy