spynote | 2da1a98a2881004f4a103f59ee2de75f2e4bc700f1bf8e80a2823572533cbb85 | Triage

Sharing

General

Target

2da1a98a2881004f4a103f59ee2de75f2e4bc700f1bf8e80a2823572533cbb85.bin
Size

864KB
Sample

240210-1x4erabc43
MD5

17a78d95223627cc48e62ce98edfedb4
SHA1

581d81d3f749b00ce69f2c52c4713f92de5dd70c
SHA256

2da1a98a2881004f4a103f59ee2de75f2e4bc700f1bf8e80a2823572533cbb85
SHA512

edcdbf9119658ba25e22423d91b2d243b661eb93bc75ed7eaf493748acf87a94051c0b6dcca658c1cb6d3aee446a18f25685a512b65428729e4d47a8b0357465
SSDEEP

24576:eVHJ6sbLz/eMBnkmswjMal5WmD9idNpd9:uJ6sz3p/Tj5Wk0d/d9

Score

10^/10

spynote android banker

Malware Config

Extracted

Family

spynote

C2

4.tcp.eu.ngrok.io:10946

Targets

- Target
  
  2da1a98a2881004f4a103f59ee2de75f2e4bc700f1bf8e80a2823572533cbb85.bin
- Size
  
  864KB
- MD5
  
  17a78d95223627cc48e62ce98edfedb4
- SHA1
  
  581d81d3f749b00ce69f2c52c4713f92de5dd70c
- SHA256
  
  2da1a98a2881004f4a103f59ee2de75f2e4bc700f1bf8e80a2823572533cbb85
- SHA512
  
  edcdbf9119658ba25e22423d91b2d243b661eb93bc75ed7eaf493748acf87a94051c0b6dcca658c1cb6d3aee446a18f25685a512b65428729e4d47a8b0357465
- SSDEEP
  
  24576:eVHJ6sbLz/eMBnkmswjMal5WmD9idNpd9:uJ6sz3p/Tj5Wk0d/d9
Score

8^/10

banker
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3