General

  • Target

    Craxs.apk

  • Size

    2.7MB

  • Sample

    240129-wsxzyshdbj

  • MD5

    d87ca78b6132314b685bec7bfc4ef71d

  • SHA1

    d36267da3b7c88708719bf1af36e250bc85aa102

  • SHA256

    fc1d59455e90c6d3a4cea5e9305d1d3544d8fec56f1ca171e845b7150a2d522a

  • SHA512

    65799c7524ad114fb0a54731712ae8e09dd4588be8bc8d311cedcf621212341a0847c0b4f2bc2c7ee106d2e9873b4fa32f53225d7c957a1016d5749dd16b8a6e

  • SSDEEP

    49152:zbF1MIp8lMlTRaJdSIjAfZOb29BKN9dALbQ7R4ChN/3IK7uQWxCbaR9Kb3GqB/7V:zbF7p86lNauU6ZOb290GLbdChNuQWR9E

Malware Config

Extracted

  • Family

    spynote

  • C2

    ebay-detail.gl.at.ply.gg:10942

Targets

    • Score

      8/10

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock