Overview

overview

10

Static

static

10

ready.apk

android-13-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ready.apk

  • Size

    3.7MB

  • Sample

    240104-xxhw9shcdl

  • MD5

    18dd86eccb7ee4796bf12eb6359a6389

  • SHA1

    e4e6d32c59964280d83dddffcb59bc424d0fbdfa

  • SHA256

    f42da00a548bc5bfae8514664424b595ef99e417bb3827e0a8ea417d5234928a

  • SHA512

    0f3af65daa9b1ef51937bf4694f940da7674f4fbfbe4af30dc6962f1bfae0328d8a4ce329facf31b935fe3c7faa404f23860c7ca9ae69bfd5d47f53ceffe1370

  • SSDEEP

    98304:CU4JB3khGshHzCwxGxHE4/LdsumzLzB9TG0tQqcR:oBkXGwxGxHE4/JspzzN6

Score
10/10
spynoteandroidbankerevasion

Malware Config

Extracted

Family

spynote

C2

167.71.56.116:22799

Targets

    • Target

      ready.apk

    • Size

      3.7MB

    • MD5

      18dd86eccb7ee4796bf12eb6359a6389

    • SHA1

      e4e6d32c59964280d83dddffcb59bc424d0fbdfa

    • SHA256

      f42da00a548bc5bfae8514664424b595ef99e417bb3827e0a8ea417d5234928a

    • SHA512

      0f3af65daa9b1ef51937bf4694f940da7674f4fbfbe4af30dc6962f1bfae0328d8a4ce329facf31b935fe3c7faa404f23860c7ca9ae69bfd5d47f53ceffe1370

    • SSDEEP

      98304:CU4JB3khGshHzCwxGxHE4/LdsumzLzB9TG0tQqcR:oBkXGwxGxHE4/JspzzN6

    Score
    8/10
    bankerevasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      banker

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion
    behavioral1

MITRE ATT&CK Matrix

Tasks