Analysis

  • max time kernel
    3339554s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
  • submitted
    01-01-2024 22:00

General

  • Target

    397d80e7f2c85b8921150d568c32deb43a157944cb993225e9907452179893b3.apk

  • Size

    3.0MB

  • MD5

    bc9a4b7c49f7a2843bb7c63eadf0721d

  • SHA1

    837f19d9f53e46a33f09d4ad26ba57a024818d8b

  • SHA256

    397d80e7f2c85b8921150d568c32deb43a157944cb993225e9907452179893b3

  • SHA512

    dd38c1efd759354acdbe60b7fb3cfbf57ff1af7bfb7855f718741b4cce124d946c7bf05977112e05bbb9c29787fb00a0713fb7132b2d46c94c995ac838033446

  • SSDEEP

    49152:nDSSKOp7JsQ+52g8VxxR1c7W/kQS3jphfaIEwTxvJaw2SR9GBRUES787cGBJmlE7:OIJab6hP/+phCzijpGBRUESYwGBUlEWc

Malware Config

Extracted

Family

spynote

C2

165.227.31.192:22813

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
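
A check a responder would run on a suspect device after seeing the Accessibility-service signature, added here as an example (it is not part of the sandbox report): parse the value that `adb shell settings get secure enabled_accessibility_services` prints and flag every package holding accessibility access that is not on a known baseline. The allowlist, the sample setting value and the service class name used for com.khelo.winindia are constructed for illustration; the report names the package but not its accessibility service class.

```python
# Baseline of packages expected to hold accessibility access (assumption for
# this example; replace with the fleet's own baseline).
EXPECTED_ACCESSIBILITY_PACKAGES = {
    "com.google.android.marvin.talkback",
}

# Process name taken from the report's Processes section.
REPORT_PACKAGE = "com.khelo.winindia"


def parse_enabled_accessibility_services(setting: str) -> list:
    """Parse `settings get secure enabled_accessibility_services` output.

    The setting is a colon-separated list of flattened ComponentNames
    ("package/class"); "null" or an empty string means nothing is enabled.
    A class starting with "." is relative to its package and is expanded.
    Returns a list of (package, fully qualified class) tuples.
    """
    setting = setting.strip()
    if not setting or setting == "null":
        return []
    services = []
    for item in setting.split(":"):
        item = item.strip()
        if not item or "/" not in item:
            continue  # malformed entry, skip rather than crash the triage
        pkg, cls = item.split("/", 1)
        if cls.startswith("."):
            cls = pkg + cls
        services.append((pkg, cls))
    return services


def unexpected_accessibility_holders(setting: str,
                                     allowlist=EXPECTED_ACCESSIBILITY_PACKAGES) -> list:
    """Packages with an enabled accessibility service that are not baselined."""
    return sorted({pkg for pkg, _ in parse_enabled_accessibility_services(setting)
                   if pkg not in allowlist})


# Constructed sample value (not captured from the analysed emulator); the
# ".MyAccessibilityService" class name for the malware package is invented.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.khelo.winindia/.MyAccessibilityService"
)

if __name__ == "__main__":
    for pkg in unexpected_accessibility_holders(SAMPLE_SETTING):
        print("unexpected accessibility holder:", pkg,
              "(matches report)" if pkg == REPORT_PACKAGE else "")
```

On a live device, feed the function the raw string from `adb shell settings get secure enabled_accessibility_services`; an empty result with the malware still installed means it has not (yet) obtained the permission, which is worth recording because SpyNote-style RATs typically nag the user until it is granted.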

Processes

  • com.khelo.winindia
    • Makes use of the framework's Accessibility service
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5060

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.khelo.winindia/app_ded/SPTewyWDHdZ0PhZG6BXiMMdOwdVrmPcf.dex
    Filesize

    94KB

    MD5

    c2665ded30fa9868af79db59a02a929e

    SHA1

    00286694f32ec4cbfbc1bc7bfff05cd32a451724

    SHA256

    40f7b37fac44b58fb938deae5c562f6e80988d8dbdd53afa8877ec61799ea678

    SHA512

    722a9183b3a860d35538a6a78ece43ca72c00d69eaddfbcbbf45bb98b79a7010c27c95807381ef410c6c73e1471780b59c10623a3a371ac5e9ebd1e10a72da71

  • /data/data/com.khelo.winindia/app_mph_dex/apk.manager-v1.rizal.xml
    Filesize

    890KB

    MD5

    3558d2f059c6507786eb772f0d9ecd5d

    SHA1

    411383eeb068fd258fcf2bb77d020ae8e2fc0498

    SHA256

    860ac0ff48239e5081d823d2b986914fca4cddfb30828859a0f963cc592a7452

    SHA512

    828a33a1eb312b6883e13ffe58c049a9801d53878fb06b433394085c1b7d18a9362bc617581531cff92d5f8974f824aca9804a69ca365d7e03ba855c02b95600

  • /data/user/0/com.khelo.winindia/app_mph_dex/apk.manager-v1.rizal.xml
    Filesize

    3.3MB

    MD5

    94795eebe4f464938e05f7e6404b1df5

    SHA1

    da3d29d455fbb6f204ba5922c9b91f60dd0121da

    SHA256

    a3dc502fef3b9b5146066f258ef67c7111e063cf889e3af0496d3623a373fbbb

    SHA512

    b305d0864b7e3061840dd85e7f0b505427ec0719b2dca3703bf266132a908f1db46d1235e8f1547fb5e2e96266eeecf10f25b0dfe0e6cb1da6b25389400d252a

  • /storage/emulated/0/Config/sys/apps/log/log-2024-01-01.txt
    Filesize

    25B

    MD5

    27845d4ced01d65eb614ba5b0df1f73d

    SHA1

    44775c4e982cfc73073cdcc1271936da7a121fdf

    SHA256

    c8e43df7ef007a924551ada6eb1c7587fbe8992677522fa95a444b46dd741187

    SHA512

    9c79244530e594e93905d1845336192e8da8e37345cb0e3365836f14acf9af05100eddaee63e18f5c574306dad42202e41d15acee14a6804646679edba87a17a

  • /storage/emulated/0/Config/sys/apps/log/log-2024-01-01.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

  • /storage/emulated/0/Config/sys/apps/log/log-2024-01-01.txt
    Filesize

    280B

    MD5

    b7a8a9a5edd4b4edee2f5753e6762377

    SHA1

    4b98842ef7281b1dc16413f67d0940e80b130682

    SHA256

    a075cf303eb8b4364fd0ce7e1b9032ec6c6a9a0ed22d3a29d3913f4ead62e537

    SHA512

    7203f3e14d950e825998ea617692d437104ec29813ff56a838ccd0ffd5631ad7c3be79bec827034bfa57b1a3cf0cc5bfe8c141e51f77c09253888510844816bb

  • /storage/emulated/0/Config/sys/apps/log/log-2024-01-01.txt
    Filesize

    57B

    MD5

    8b781276616b5442597cac39cba526df

    SHA1

    f59cd7b0ff95c49daaba318851809c8b8d3cedeb

    SHA256

    6eb69c1a37be1f39a3838d88e450041268d83760a18bb8d745bb33d88208291d

    SHA512

    d205918a810f0d879a9fdae3a82f54f9da493691ae9e1d95e645486433974ab0d979029c0de0000e63e735cce06e653c7c0d5aa577bc16e037f8a9403c4b6054
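
The "Loads dropped Dex/Jar" signature and the Downloads list above together say that files written under app_ded and app_mph_dex were executed, and two of them carry an .xml extension. Whether those .xml-named files are really DEX is not stated by the report; the way to find out is to test the DEX header rather than trust the name. The following is an added example (not code from the sandbox or the report): it parses the fixed 0x70-byte DEX header, recomputes the adler32 checksum and SHA-1 signature the format carries, hashes the file and compares it with the SHA-256 values copied from the Downloads list, and flags a DEX whose extension is not .dex. The sample DEX it builds is constructed for the test and will not match any report hash.

```python
import hashlib
import os
import struct
import zlib

# Paths and SHA-256 values copied from the Downloads list of the report
# (the log-file entries are omitted; they are not code).
REPORT_DROPPED_SHA256 = {
    "/data/data/com.khelo.winindia/app_ded/SPTewyWDHdZ0PhZG6BXiMMdOwdVrmPcf.dex":
        "40f7b37fac44b58fb938deae5c562f6e80988d8dbdd53afa8877ec61799ea678",
    "/data/data/com.khelo.winindia/app_mph_dex/apk.manager-v1.rizal.xml":
        "860ac0ff48239e5081d823d2b986914fca4cddfb30828859a0f963cc592a7452",
    "/data/user/0/com.khelo.winindia/app_mph_dex/apk.manager-v1.rizal.xml":
        "a3dc502fef3b9b5146066f258ef67c7111e063cf889e3af0496d3623a373fbbb",
}

DEX_MAGIC_PREFIX = b"dex\n"      # full magic is b"dex\n" + 3-digit version + NUL
DEX_HEADER_SIZE = 0x70
DEX_ENDIAN_CONSTANT = 0x12345678


def parse_dex_header(data: bytes) -> dict:
    """Identify a DEX file from its header, ignoring the file name.

    Fixed header layout (little-endian):
      0x00 magic[8]; 0x08 checksum u32 (adler32 of everything after it);
      0x0C signature[20] (SHA-1 of everything after it); 0x20 file_size u32;
      0x24 header_size u32 (0x70); 0x28 endian_tag u32 (0x12345678).
    """
    if len(data) < DEX_HEADER_SIZE or not data.startswith(DEX_MAGIC_PREFIX):
        return {"is_dex": False}
    version = data[4:7].decode("ascii", "replace")
    (checksum,) = struct.unpack_from("<I", data, 0x08)
    signature = data[0x0C:0x20]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 0x20)
    return {
        "is_dex": True,
        "version": version,
        "file_size": file_size,
        "size_ok": file_size == len(data),
        "header_size_ok": header_size == DEX_HEADER_SIZE,
        "endian_ok": endian_tag == DEX_ENDIAN_CONSTANT,
        # Both integrity fields are recomputed; a mismatch means the payload
        # was modified after packing (or was never a complete DEX).
        "checksum_ok": (zlib.adler32(data[0x0C:]) & 0xFFFFFFFF) == checksum,
        "signature_ok": hashlib.sha1(data[0x20:]).digest() == signature,
    }


def triage_dropped_file(path: str, data: bytes) -> dict:
    """Hash a dropped file, detect DEX by magic, and flag a misleading extension."""
    sha256 = hashlib.sha256(data).hexdigest()
    dex = parse_dex_header(data)
    ext = os.path.splitext(path)[1].lower()
    return {
        "path": path,
        "sha256": sha256,
        "dex": dex,
        "disguised_dex": dex["is_dex"] and ext != ".dex",
        "matches_report": REPORT_DROPPED_SHA256.get(path) == sha256,
    }


def build_sample_dex(body: bytes = b"\x00" * 16) -> bytes:
    """Constructed test input: a minimal DEX whose checksum and signature verify.

    Every table offset/size after the endian tag is zero, so it is not
    loadable code, but the header is well formed for the parser above.
    """
    total = DEX_HEADER_SIZE + len(body)
    rest = struct.pack("<III", total, DEX_HEADER_SIZE, DEX_ENDIAN_CONSTANT)
    rest += b"\x00" * (DEX_HEADER_SIZE - 0x2C) + body
    signature = hashlib.sha1(rest).digest()
    checksum = zlib.adler32(signature + rest) & 0xFFFFFFFF
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + rest


if __name__ == "__main__":
    sample = build_sample_dex()
    for dropped_path in REPORT_DROPPED_SHA256:
        print(triage_dropped_file(dropped_path, sample))
```

To apply it to the real artifacts, pull them with `adb pull` from a rooted analysis device or emulator and call `triage_dropped_file(path, open(local_copy, "rb").read())`; a `matches_report` of True ties your copy to the hashes above, and `disguised_dex` True on the .xml-named files would confirm the extension is cosmetic. Note that /data/data/<pkg> and /data/user/0/<pkg> are the same directory on a single-user device, so the two apk.manager-v1.rizal.xml entries (890KB and 3.3MB) are most likely two successive writes of one file rather than two files.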