Overview

overview

10

Static

static

7

d7326f85e8...46.apk

android-9-x86

10

d7326f85e8...46.apk

android-10-x64

10

d7326f85e8...46.apk

android-11-x64

10

Analysis

  • max time kernel
    4092279s
  • max time network
    152s
  • platform
    android_x86
  • resource
    android-x86-arm-20231023-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
  • submitted
    21-11-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d7326f85e838f6298f5c9e8626d889c1a15757319754dc57d8703dff3f45c546.apk

  • Size

    992KB

  • MD5

    cbaf2da6a483775b934faabd5b40bed6

  • SHA1

    0ba2eb6661e6d7f03e0a2ef08ea75296990ac6fc

  • SHA256

    d7326f85e838f6298f5c9e8626d889c1a15757319754dc57d8703dff3f45c546

  • SHA512

    917b65d79f323c045bb7a39cc47e432de18cf3b942698fb2056d4bbad0be8d3ba8f7ff3102b078722a87c71ba609d028c910fa66edb06582f23c8101d1a4a6e3

  • SSDEEP

    24576:BhzkORPhgzQc8RkQ4dh2iynuPyt9XktndMCngUPvJCYPMqlRnV:rRJgp8RkhdQiynq6XktndMfasYPMUV

Score
10/10
spynotebankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

spynote

C2

192.168.0.105:8080

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

    bankertrojaninfostealerratspynote
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion

Processes

  • mountainy2.scored.claims
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    PID:4240
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/mountainy2.scored.claims/app_ded/SBbL8WvOCMNBmZUM78Rc9DZfQfBPAR0l.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/mountainy2.scored.claims/app_ded/oat/x86/SBbL8WvOCMNBmZUM78Rc9DZfQfBPAR0l.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4264
    • rm -r/data/user/0/mountainy2.scored.claims/app_ded/oat/x86/SBbL8WvOCMNBmZUM78Rc9DZfQfBPAR0l.vdex
      2⤵
        PID:4287
      • rm -r/data/user/0/mountainy2.scored.claims/app_ded/oat/x86/SBbL8WvOCMNBmZUM78Rc9DZfQfBPAR0l.odex
        2⤵
          PID:4301
        • rm -r/data/user/0/mountainy2.scored.claims/app_ded/SBbL8WvOCMNBmZUM78Rc9DZfQfBPAR0l.dex
          2⤵
            PID:4319

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/mountainy2.scored.claims/app_ded/SBbL8WvOCMNBmZUM78Rc9DZfQfBPAR0l.dex
          Filesize

          1.3MB

          MD5

          0db3e8e486f47d80fe56ac9ae0eb871b

          SHA1

          0822d78837b027deef36a7c1bd62ae9629c19956

          SHA256

          f32452b8bbe2444257659cc4656aa41490a3f93f919eabe99632a30c610f5647

          SHA512

          1f8122b13e6bd05d1a6ed2dccbaff9faef6258e220270ecdbb2cd35474cb24d82ffd7dc6c28ede8727873eaa36b209d3f844cba0dc2c5caef4f43214ccfba824

          Download Submit
        • /data/user/0/mountainy2.scored.claims/app_ded/SBbL8WvOCMNBmZUM78Rc9DZfQfBPAR0l.dex
          Filesize

          1.3MB

          MD5

          0db3e8e486f47d80fe56ac9ae0eb871b

          SHA1

          0822d78837b027deef36a7c1bd62ae9629c19956

          SHA256

          f32452b8bbe2444257659cc4656aa41490a3f93f919eabe99632a30c610f5647

          SHA512

          1f8122b13e6bd05d1a6ed2dccbaff9faef6258e220270ecdbb2cd35474cb24d82ffd7dc6c28ede8727873eaa36b209d3f844cba0dc2c5caef4f43214ccfba824

          Download Submit
        • /data/user/0/mountainy2.scored.claims/app_ded/SBbL8WvOCMNBmZUM78Rc9DZfQfBPAR0l.dex
          Filesize

          1.3MB

          MD5

          4201e1264f8f89eb8ec361e57ce5215e

          SHA1

          a5263ea06fbf50ebe4c7a0218ae1aa6c91eb8e71

          SHA256

          e9cdea14278724ddf4c1d9512673b37d20c5ddb85b62ce1d1ed20a37a310e94a

          SHA512

          6df12975aecadef877a91fc7bf77925028a481868b4003866d7c895accd4c4ef56046f101454855ce15b1fbaa627e92e900e730e1e45f1162e766838daa3b7f7

          Download Submit
        • /data/user/0/mountainy2.scored.claims/app_ded/SBbL8WvOCMNBmZUM78Rc9DZfQfBPAR0l.dex
          Filesize

          1.3MB

          MD5

          0db3e8e486f47d80fe56ac9ae0eb871b

          SHA1

          0822d78837b027deef36a7c1bd62ae9629c19956

          SHA256

          f32452b8bbe2444257659cc4656aa41490a3f93f919eabe99632a30c610f5647

          SHA512

          1f8122b13e6bd05d1a6ed2dccbaff9faef6258e220270ecdbb2cd35474cb24d82ffd7dc6c28ede8727873eaa36b209d3f844cba0dc2c5caef4f43214ccfba824

          Download Submit
        • /storage/emulated/0/Config/sys/apps/log/log-2023-11-21.txt
          Filesize

          275B

          MD5

          633483e3664b325ddb9bf101fd4a4187

          SHA1

          4cec48d6e2f70728bb12f8fcd4198eefde89fa58

          SHA256

          b0cd5155ed0d0fcf5973693df5f7ee6081e3cf99aa70346617c12a7f8290ab03

          SHA512

          70c02bde75fcee42a8e198ba56fb602c5763a5da4e89524f3e415184313636b8b09ddb80d77c7d123a68eeb8d4eb50c533994adc97b8ebbcd38166d1f4131b64

          Download Submit
        • /storage/emulated/0/Config/sys/apps/log/log-2023-11-21.txt
          Filesize

          12B

          MD5

          a9256f55737b655c8cff95418411997c

          SHA1

          d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

          SHA256

          bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

          SHA512

          10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

          Download Submit
        • /storage/emulated/0/Config/sys/apps/log/log-2023-11-21.txt
          Filesize

          12B

          MD5

          a9256f55737b655c8cff95418411997c

          SHA1

          d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

          SHA256

          bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

          SHA512

          10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

          Download Submit
        • /storage/emulated/0/Config/sys/apps/log/log-2023-11-21.txt
          Filesize

          12B

          MD5

          a9256f55737b655c8cff95418411997c

          SHA1

          d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

          SHA256

          bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

          SHA512

          10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

          Download Submit
        • /storage/emulated/0/Config/sys/apps/log/log-2023-11-21.txt
          Filesize

          20B

          MD5

          9b8be9ba788425fa4b290d771e5f7486

          SHA1

          1bdc9b903b9cdd67c54e965da5c3e70f3a95af44

          SHA256

          2c6277b7a3550097607552d8ede4b72de32d76ecf8723af82ab748283b1a5ec9

          SHA512

          a4edb5f7f33a29b011668200ba4c9b1614f91238909137e3148d537d22cd4cf09813cbce4757479f0a0b961a67c6d43888e0996e7e738b36748a1b1bc0a2ba2b

          Download Submit