Resubmissions
Submitted          Analysis ID          Score
11-02-2024 10:04   240211-l3z7ysha73    10
11-02-2024 10:03   240211-l3mlvsfa51    10
10-02-2024 22:02   240210-1xscgshb9s    10

Analysis
Max time kernel: 4s
Max time network: 157s
Platform: android_x64
Resource: android-x64-20231215-en
Resource tags: android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
Submitted: 10-02-2024 22:02
Behavioral tasks
behavioral1: 17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742.apk on android-x86-arm-20231215-en
behavioral2: 17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742.apk on android-x64-20231215-en
behavioral3: 17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742.apk on android-x64-arm64-20231215-en
General
Target: 17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742.apk
Size: 1.5MB
MD5: dd7939e39f76083ba62bf11eda3fc815
SHA1: a9f3b9d47d7c7a3862fb824840ccaee64092c5d7
SHA256: 17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742
SHA512: 0026c2bab2a6acad3cc2508a36280222f6d4a106a7f329edc3fdc4af6eb2314b30df6f4da9e0eb49b033bacdd874df941a2bac01d8e1a9b66cfe190254cf7002
SSDEEP: 24576:wAwcDF6sHhInia1amebYNp2k5WmD9idNpPaVL0aaDnG5Zy:acDFknia1aXetWk0d/PQLgn4Zy
Malware Config
Extracted family: spynote
C2 (host:port from the extracted config): googlechrome.myftp.org:5214
Signatures

Spynote
  Spynote is a Remote Access Trojan first seen in 2017.

Spynote payload (1 IoC)
  resource: /storage/emulated/0/null/base.apk   yara_rule: family_spynote

Declares broadcast receivers with permission to handle system events (1 IoC)
  android.permission.BIND_DEVICE_ADMIN: required by device admin receivers to bind with the system; allows apps to manage device administration features.

Declares services with permission to bind to the system (1 IoC)
  android.permission.BIND_ACCESSIBILITY_SERVICE: required by accessibility services to bind with the system; allows apps to access accessibility features.

Requests dangerous framework permissions (18 IoCs)
  android.permission.CAMERA: required to be able to access the camera device (listed twice in the report, so counted twice in the 18).
  android.permission.READ_EXTERNAL_STORAGE: allows an application to read from external storage.
  android.permission.WRITE_CALL_LOG: allows an application to write and read the user's call log data.
  android.permission.SYSTEM_ALERT_WINDOW: allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
  android.permission.WRITE_EXTERNAL_STORAGE: allows an application to write to external storage.
  android.permission.GET_ACCOUNTS: allows access to the list of accounts in the Accounts Service.
  android.permission.WRITE_CONTACTS: allows an application to write the user's contacts data.
  android.permission.READ_CONTACTS: allows an application to read the user's contacts data.
  android.permission.RECORD_AUDIO: allows an application to record audio.
  android.permission.READ_SMS: allows an application to read SMS messages.
  android.permission.READ_CALL_LOG: allows an application to read the user's call log.
  android.permission.READ_PHONE_STATE: allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
  android.permission.CALL_PHONE: allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
  android.permission.ACCESS_COARSE_LOCATION: allows an app to access approximate location.
  android.permission.ACCESS_FINE_LOCATION: allows an app to access precise location.
  android.permission.RECEIVE_SMS: allows an application to receive SMS messages.
  android.permission.PROCESS_OUTGOING_CALLS: allows an application to see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort the call altogether.
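The three manifest-derived signatures above (dangerous permissions, a receiver guarded by BIND_DEVICE_ADMIN, a service guarded by BIND_ACCESSIBILITY_SERVICE) can be reproduced from AndroidManifest.xml alone. The script below is an added example, not code from the sandbox or from the sample; the manifest it parses is constructed to mirror the report's findings and is not the APK's real manifest, the REPORTED_DANGEROUS set is the report's own list rather than Android's protection-level table, and the "RAT-like" verdict is a heuristic assumed for this example.

```python
"""Triage an AndroidManifest.xml for the patterns the report's signatures
describe. Added example; the manifest below is constructed, not extracted
from the sample."""
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android:* attribute prefix

# Permissions the report lists under "Requests dangerous framework
# permissions". Copied from the report, not from Android's own
# protection-level table, which differs in places.
REPORTED_DANGEROUS = {
    "android.permission.CAMERA", "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_CALL_LOG", "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.WRITE_EXTERNAL_STORAGE", "android.permission.GET_ACCOUNTS",
    "android.permission.WRITE_CONTACTS", "android.permission.READ_CONTACTS",
    "android.permission.RECORD_AUDIO", "android.permission.READ_SMS",
    "android.permission.READ_CALL_LOG", "android.permission.READ_PHONE_STATE",
    "android.permission.CALL_PHONE", "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.RECEIVE_SMS",
    "android.permission.PROCESS_OUTGOING_CALLS",
}

# Constructed manifest (assumption): declares CAMERA twice, as the report
# counts it, plus a device-admin receiver and an accessibility service.
CONSTRUCTED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return the manifest facts behind the three signatures plus a verdict."""
    root = ET.fromstring(xml_text)
    requested = [e.get(A + "name") for e in root.iter("uses-permission")]
    # Set semantics: a duplicated <uses-permission> is one capability.
    dangerous = sorted(set(requested) & REPORTED_DANGEROUS)
    admin = [r.get(A + "name") for r in root.iter("receiver")
             if r.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"]
    a11y = [s.get(A + "name") for s in root.iter("service")
            if s.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"]
    sms = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"} & set(requested)
    # Heuristic assumed for this example (not the sandbox's rule): weight the
    # combination an Android RAT needs, not any single permission.
    rat_like = bool(a11y) and bool(admin) and bool(sms) and \
        "android.permission.SYSTEM_ALERT_WINDOW" in requested
    return {
        "dangerous": dangerous,
        "device_admin_receivers": admin,
        "accessibility_services": a11y,
        "rat_like": rat_like,
    }


if __name__ == "__main__":
    for key, value in triage_manifest(CONSTRUCTED_MANIFEST).items():
        print(f"{key}: {value}")
```

Run it against a manifest pulled from an APK with apktool or androguard; the point of the verdict is that accessibility plus device admin plus SMS and overlay access together are what make the sample RAT-like, and a single one of them is common in benign apps.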
Network
MITRE ATT&CK Matrix
Downloads
/storage/emulated/0/null/base.apk
Filesize: 49KB
MD5: d2b416f20bfeded69f5e907db3715964
SHA1: dab142602a53deb51a510f2b7eb503fcdc300050
SHA256: b2094e364773bde6a2ee605376c06385ac42afcee362c66cb01fc2b4e7689acd
SHA512: f37035c228507a29a82d08bad33a8952a5a6945198614381d07fa4ab7bac313efd7dd282ea846aa7d15c275e875a734ef001fb4a5c4ed0bbe64f2aad1454c73e
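The usable indicators on this page are the C2 host:port from the extracted config (Malware Config section) and the hashes of the submitted APK (General) and of the dropped base.apk (Downloads). The script below is an added example, not part of the report or of any Triage tooling, showing how to match them against DNS and connection telemetry and against file hashes. The log lines are constructed, the key=value log format is an assumption, and the 203.0.113.0/24 addresses are documentation addresses, not real SpyNote infrastructure. Because the C2 sits on a dynamic-DNS style hostname, the matcher pivots on what that name resolved to in the data set rather than on a pinned IP.

```python
"""Match the report's IoCs against constructed telemetry. Added example;
the log lines, their format and the addresses in them are constructed."""
import hashlib
import re

# Indicators copied from the report.
C2 = "googlechrome.myftp.org:5214"
HASH_IOCS = {
    "17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742",  # sample SHA256
    "dd7939e39f76083ba62bf11eda3fc815",                                  # sample MD5
    "b2094e364773bde6a2ee605376c06385ac42afcee362c66cb01fc2b4e7689acd",  # dropped base.apk SHA256
    "d2b416f20bfeded69f5e907db3715964",                                  # dropped base.apk MD5
}

# Constructed telemetry (assumption): "<ts> dns|conn key=value ...".
LOGS = [
    "2024-02-11T10:04:01Z dns src=10.0.0.5 query=googlechrome.myftp.org answer=203.0.113.7",
    "2024-02-11T10:04:02Z conn src=10.0.0.5 dst=203.0.113.7 dport=5214 proto=tcp",
    "2024-02-11T10:05:00Z dns src=10.0.0.6 query=update.example.net answer=203.0.113.8",
    "2024-02-11T10:06:00Z conn src=10.0.0.6 dst=203.0.113.8 dport=5214 proto=tcp",
    "2024-02-11T10:07:00Z conn src=10.0.0.7 dst=203.0.113.7 dport=443 proto=tcp",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_c2(c2):
    """Split the config's 'host:port'; host normalised to lower case, no trailing dot."""
    host, _, port = c2.rpartition(":")
    return host.lower().rstrip("."), int(port)


def parse_line(line):
    ts, kind, rest = line.split(" ", 2)
    fields = dict(KV_RE.findall(rest))
    fields.update(ts=ts, kind=kind, raw=line)
    return fields


def match_logs(lines, c2=C2):
    """Return (kind, source host, raw line) hits for the C2 indicator."""
    host, port = parse_c2(c2)
    events = [parse_line(l) for l in lines]
    hits, resolved = [], set()
    # Pass 1: DNS. Match the C2 name and any label under it, and record the
    # answers so connections can be tied to the name, not to a fixed IP.
    for f in events:
        if f["kind"] != "dns":
            continue
        q = f["query"].lower().rstrip(".")
        if q == host or q.endswith("." + host):
            resolved.add(f["answer"])
            hits.append(("c2_dns", f["src"], f["raw"]))
    # Pass 2: connections to an address the C2 name resolved to. The port
    # alone is not an indicator; the same port to another host is ignored.
    for f in events:
        if f["kind"] != "conn" or f["dst"] not in resolved:
            continue
        kind = "c2_conn" if int(f["dport"]) == port else "c2_ip_other_port"
        hits.append((kind, f["src"], f["raw"]))
    return hits


def hash_hits(data):
    """Hash raw file bytes and return which report hashes they match."""
    digests = {h(data).hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256)}
    return digests & HASH_IOCS


def hash_string_hits(hashes):
    """Check already-computed hashes (EDR/AV inventory) against the report, case-insensitively."""
    return {h.lower() for h in hashes} & HASH_IOCS


if __name__ == "__main__":
    for kind, src, raw in match_logs(LOGS):
        print(f"{kind:18} {src:10} {raw}")
    print("hash hits on constructed bytes:", hash_hits(b"constructed, not the sample"))
```

The "c2_ip_other_port" hits are lower confidence: a dynamic-DNS address may be shared with unrelated hosts, so treat them as a pivot to investigate rather than a detection on their own.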