spymax | 0df01fb5791183d68b47a9c7e7817e5431e56bdc2c79b8d3e9a7533ecac254e9 | Triage

Sharing

General

Target

ready.apk
Size

30KB
Sample

231118-2zrz6sgg4t
MD5

35912b2d0cd7440400df7865f270bed3
SHA1

04aa947cfb715a6502d02027257b372bd8fef1fb
SHA256

0df01fb5791183d68b47a9c7e7817e5431e56bdc2c79b8d3e9a7533ecac254e9
SHA512

38a07a8b15dbcfa14ae3dbb4c97eb5c33a06cece3c56389bc126ffc47f940e4d87cfa0d8ed4daa581d3b885e5fd315469d82f1d0c135664b385eccb4ca18b5a1
SSDEEP

768:jpCI42IEA0J4ytlB+Zgn2ekrZ6z+uV313jmBu:jp542IEruytL+z+l3j/

Score

10^/10

spymax android banker stealth trojan

Malware Config

Extracted

Family

spymax

C2

0.tcp.sa.ngrok.io:10034

Targets

- Target
  
  ready.apk
- Size
  
  30KB
- MD5
  
  35912b2d0cd7440400df7865f270bed3
- SHA1
  
  04aa947cfb715a6502d02027257b372bd8fef1fb
- SHA256
  
  0df01fb5791183d68b47a9c7e7817e5431e56bdc2c79b8d3e9a7533ecac254e9
- SHA512
  
  38a07a8b15dbcfa14ae3dbb4c97eb5c33a06cece3c56389bc126ffc47f940e4d87cfa0d8ed4daa581d3b885e5fd315469d82f1d0c135664b385eccb4ca18b5a1
- SSDEEP
  
  768:jpCI42IEA0J4ytlB+Zgn2ekrZ6z+uV313jmBu:jp542IEruytL+z+l3j/
Score

8^/10

banker stealth trojan
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bankerstealthtrojan