Overview

overview

10

Static

static

6

397d80e7f2...b3.apk

android-9-x86

10

397d80e7f2...b3.apk

android-10-x64

10

397d80e7f2...b3.apk

android-11-x64

10

Analysis

  • max time kernel
    3339555s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    01-01-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    397d80e7f2c85b8921150d568c32deb43a157944cb993225e9907452179893b3.apk

  • Size

    3.0MB

  • MD5

    bc9a4b7c49f7a2843bb7c63eadf0721d

  • SHA1

    837f19d9f53e46a33f09d4ad26ba57a024818d8b

  • SHA256

    397d80e7f2c85b8921150d568c32deb43a157944cb993225e9907452179893b3

  • SHA512

    dd38c1efd759354acdbe60b7fb3cfbf57ff1af7bfb7855f718741b4cce124d946c7bf05977112e05bbb9c29787fb00a0713fb7132b2d46c94c995ac838033446

  • SSDEEP

    49152:nDSSKOp7JsQ+52g8VxxR1c7W/kQS3jphfaIEwTxvJaw2SR9GBRUES787cGBJmlE7:OIJab6hP/+phCzijpGBRUESYwGBUlEWc

Score
10/10
spynotebankerevasioninfostealerrattrojan

Malware Config

Extracted

Family

spynote

C2

165.227.31.192:22813

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

    bankertrojaninfostealerratspynote
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
    banker
  • Loads dropped Dex/Jar 6 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.khelo.winindia
    1⤵
    • Makes use of the framework's Accessibility service
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4238
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.khelo.winindia/app_ded/ZX3HMl5h9vHhJxYeMsREQTq6QnaLMG2A.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.khelo.winindia/app_ded/oat/x86/ZX3HMl5h9vHhJxYeMsREQTq6QnaLMG2A.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4263
    • rm -r/data/user/0/com.khelo.winindia/app_ded/oat/x86/ZX3HMl5h9vHhJxYeMsREQTq6QnaLMG2A.odex
      2⤵
        PID:4286
      • rm -r/data/user/0/com.khelo.winindia/app_ded/oat/x86/ZX3HMl5h9vHhJxYeMsREQTq6QnaLMG2A.vdex
        2⤵
          PID:4300
        • rm -r/data/user/0/com.khelo.winindia/app_ded/ZX3HMl5h9vHhJxYeMsREQTq6QnaLMG2A.dex
          2⤵
            PID:4319
          • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.khelo.winindia/app_mph_dex/apk.manager-v1.rizal.xml --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.khelo.winindia/app_mph_dex/oat/x86/apk.manager-v1.rizal.odex --compiler-filter=quicken --class-loader-context=&
            2⤵
            • Loads dropped Dex/Jar
            PID:4348

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.khelo.winindia/app_ded/ZX3HMl5h9vHhJxYeMsREQTq6QnaLMG2A.dex
          Filesize

          94KB

          MD5

          c2665ded30fa9868af79db59a02a929e

          SHA1

          00286694f32ec4cbfbc1bc7bfff05cd32a451724

          SHA256

          40f7b37fac44b58fb938deae5c562f6e80988d8dbdd53afa8877ec61799ea678

          SHA512

          722a9183b3a860d35538a6a78ece43ca72c00d69eaddfbcbbf45bb98b79a7010c27c95807381ef410c6c73e1471780b59c10623a3a371ac5e9ebd1e10a72da71

          Download Submit
        • /data/data/com.khelo.winindia/app_mph_dex/apk.manager-v1.rizal.xml
          Filesize

          928KB

          MD5

          39f2a62a688eaa3947eb1e341791b232

          SHA1

          1b9b2e4f8100c5d851e862683a13657479d4b467

          SHA256

          dcaa6fdacf1054b6ab941ba4a98cad88efbe0387d952afad321f8af6eb3ad7f8

          SHA512

          fcdc043983379767a948f94991352013ff79d70beb94b7cf036dd29b849570ba694b8ac8a8c807e3b557ca5d079006a505e1e4cc8e9200dc434ded0f274207e1

          Download Submit
        • /data/user/0/com.khelo.winindia/app_ded/ZX3HMl5h9vHhJxYeMsREQTq6QnaLMG2A.dex
          Filesize

          94KB

          MD5

          e8e8ddf0d55634cc1b6a297fba792cbf

          SHA1

          ba38eb6073bf90296e1846f1f17edeb150c30873

          SHA256

          4061d66f8b69902b96b0d2ac2f1fb01854d20550c5c4f73302350d65728eab25

          SHA512

          3762ef2dffcd1a54cac012b5a8b1ad9b5a968e021bff6a166f90e648af04f78b377303a2c5f863c41ba0819c0dd00950c2fd4c06b4809f1e287e3e2f039c076e

          Download Submit
        • /data/user/0/com.khelo.winindia/app_mph_dex/apk.manager-v1.rizal.xml
          Filesize

          3.3MB

          MD5

          94795eebe4f464938e05f7e6404b1df5

          SHA1

          da3d29d455fbb6f204ba5922c9b91f60dd0121da

          SHA256

          a3dc502fef3b9b5146066f258ef67c7111e063cf889e3af0496d3623a373fbbb

          SHA512

          b305d0864b7e3061840dd85e7f0b505427ec0719b2dca3703bf266132a908f1db46d1235e8f1547fb5e2e96266eeecf10f25b0dfe0e6cb1da6b25389400d252a

          Download Submit
        • /data/user/0/com.khelo.winindia/app_mph_dex/apk.manager-v1.rizal.xml
          Filesize

          3.3MB

          MD5

          c8877e7047fc62fb980655fbef92fbf1

          SHA1

          446299340edc04ab1b584898a13ec4eaa14626cc

          SHA256

          5d2b1dbc318dc99021c701702daf0207d0ca3f91347b321ad7ec66332fd4b7d3

          SHA512

          c667c3bced888f562d7257bdeb3ab1013bacaf0b3aabf4fdb36ac929c883670c6583189adced861e1771cd7ea1002c02e0fb5cda7b7fad25b7904e9e5c565432

          Download Submit
        • /storage/emulated/0/Config/sys/apps/log/log-2024-01-01.txt
          Filesize

          25B

          MD5

          ee9e2497c706d9194515ce225af64693

          SHA1

          84049cff675d741902812b58332903e24b52d23d

          SHA256

          dc2a5d263069fd9936e0650a6a5a7ba725cdefb6bb2317431eacb8a1ed7b5a04

          SHA512

          71bfb14ee4f5758760b4e0c130a06f2f433f41a8daa8e4880ed9f6ce925485ecbf843fde7ff18daae8011d5c480d2920fabcf09e7e279a92932f04c2f61eafcc

          Download Submit
        • /storage/emulated/0/Config/sys/apps/log/log-2024-01-01.txt
          Filesize

          41B

          MD5

          c2ffc453f2688035bf0e18930b07a892

          SHA1

          b6a373cfddbbda912f21d9615b00a22a006efd01

          SHA256

          7a774a77e19639ac9c1386e962dc2d597f5a4623bfe861c234b32cb52df569db

          SHA512

          66e09d2b9dbc9c5b01d238e049b0128f50e0213014dba66b0e4fa4a6aa7edd74bbfe97fafa10115477ce3413ce0137c091750eb30cda009e2edf503261f9688a

          Download Submit
        • /storage/emulated/0/Config/sys/apps/log/log-2024-01-01.txt
          Filesize

          25B

          MD5

          b0ff8ea49970dfca7b5499bd67b1b208

          SHA1

          8f0a3663c82036a22bb3018081ea23d9182d89d8

          SHA256

          a43d4768a3416a00dd6498b927d6c956019f9c2c6aada3cc921e00b81a3bbe4e

          SHA512

          3ac4dac70feab95959312959bbd0933e808d8429f7f6adceb401335b8fcd258025925ba1c0b8214cacb30d0a1185c83b849d7ba9340ffb226aec4095bb79066a

          Download Submit