spynote | 6abbca4bd2eaf4f4da7146008b49c53fde806e37a158697ea46c9c6e0eb44b61 | Triage

Resubmissions

30-11-2023 10:47

231130-mvl6ssah91 10

18-07-2023 14:25

230718-rrc6yabb83 10

18-07-2023 13:41

230718-qy8qraag77 10

18-07-2023 13:38

230718-qxv39sag66 10

Sharing

General

Target

Imagine v2.8.6 [Premium] signed.apk
Size

25.1MB
Sample

231130-mvl6ssah91
MD5

89e9bfaf2d6498971882afb8497dceb1
SHA1

fe2bc88f9fb2195a033def29cbe27ce5157219be
SHA256

6abbca4bd2eaf4f4da7146008b49c53fde806e37a158697ea46c9c6e0eb44b61
SHA512

eb05587fa7c18637d3784175f6a29c35a62c650cf4c88927c07a002854c91c669aaa4e246a45abc44241ad8a72a002cab08e805bdf56a52c4ad945e2c1591a3c
SSDEEP

786432:LJiuZEyv4sWG9mtS14oytjFchKMfvW02+vYzmt:lzZEyvxWG9ms+VVMIuymt

Score

10^/10

spynote android evasion ransomware

Malware Config

Extracted

Family

spynote

C2

soon-lp.at.ply.gg:17209

Targets

- Target
  
  Imagine v2.8.6 [Premium] signed.apk
- Size
  
  25.1MB
- MD5
  
  89e9bfaf2d6498971882afb8497dceb1
- SHA1
  
  fe2bc88f9fb2195a033def29cbe27ce5157219be
- SHA256
  
  6abbca4bd2eaf4f4da7146008b49c53fde806e37a158697ea46c9c6e0eb44b61
- SHA512
  
  eb05587fa7c18637d3784175f6a29c35a62c650cf4c88927c07a002854c91c669aaa4e246a45abc44241ad8a72a002cab08e805bdf56a52c4ad945e2c1591a3c
- SSDEEP
  
  786432:LJiuZEyv4sWG9mtS14oytjFchKMfvW02+vYzmt:lzZEyvxWG9ms+VVMIuymt
Score

8^/10

evasion ransomware
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Requests enabling of the accessibility settings.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

evasionransomware

behavioral4