spynote | 8b40f38ef88d8b221638084941c670ca988422d73fe6977fabe7cefc5c3f2bb3 | Triage

Sharing

General

Target

app1702415552369.apk
Size

4.4MB
Sample

231215-rvy8ksefd6
MD5

5862b0fd34988e9988a53c088efd87d9
SHA1

81b567e2d335b646847a3fd0301c1d9b42b3d5df
SHA256

8b40f38ef88d8b221638084941c670ca988422d73fe6977fabe7cefc5c3f2bb3
SHA512

0d73e1041df6d418890a24acad661a268de24b47e61488cfaa83f9e5e5fa1720a5808b20d5ae5a6158e10082c3f297c39bd9fb1cf94884c197e597babb027d9a
SSDEEP

98304:ss1/Yhh5nq/MUHMDHmTIhbmzzzBoGTg0tcnp/H:f1AT5q/pHChKzamLcd

Score

10^/10

spynote android

Malware Config

Targets

- Target
  
  app1702415552369.apk
- Size
  
  4.4MB
- MD5
  
  5862b0fd34988e9988a53c088efd87d9
- SHA1
  
  81b567e2d335b646847a3fd0301c1d9b42b3d5df
- SHA256
  
  8b40f38ef88d8b221638084941c670ca988422d73fe6977fabe7cefc5c3f2bb3
- SHA512
  
  0d73e1041df6d418890a24acad661a268de24b47e61488cfaa83f9e5e5fa1720a5808b20d5ae5a6158e10082c3f297c39bd9fb1cf94884c197e597babb027d9a
- SSDEEP
  
  98304:ss1/Yhh5nq/MUHMDHmTIhbmzzzBoGTg0tcnp/H:f1AT5q/pHChKzamLcd
Score

8^/10
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Acquires the wake lock
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3