General

  • Target

    8144eeaea116db215dd811df846cc85faa5e0de0c3962f3b00d1455da3ee998e

  • Size

    751KB

  • Sample

    231220-d4c5taacgr

  • MD5

    6bcd6ac6b151e1ec4edf847724a6cca7

  • SHA1

    f2dc5d5be9a90e52b329827041caae42f5c15ed3

  • SHA256

    8144eeaea116db215dd811df846cc85faa5e0de0c3962f3b00d1455da3ee998e

  • SHA512

    67fc1f89da337c7f708adbf9f9ff43e005ef1548b37b337ae8a3fee9f371e57d16120b82b296122a4457c7536585273b0bd40580f5be7c87e0786151879b0f0d

  • SSDEEP

    12288:KOkrJ6sgRQLz3Biw127J+mJ5WmpYshXZPbGwidNpgB:z0J6sjLz3B/18J+mJ5WmD9idNpe

Score
10/10

Malware Config

Extracted

Family

spynote

C2

8.tcp.ngrok.io:12876

Targets

    • Target

      8144eeaea116db215dd811df846cc85faa5e0de0c3962f3b00d1455da3ee998e


    Score
    8/10

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks