spynote | 17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742

Resubmissions

11-02-2024 10:04

240211-l3z7ysha73 10

11-02-2024 10:03

240211-l3mlvsfa51 10

10-02-2024 22:02

240210-1xscgshb9s 10

Analysis

max time kernel
4s
max time network
157s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
10-02-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742.apk
Size

1.5MB
MD5

dd7939e39f76083ba62bf11eda3fc815
SHA1

a9f3b9d47d7c7a3862fb824840ccaee64092c5d7
SHA256

17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742
SHA512

0026c2bab2a6acad3cc2508a36280222f6d4a106a7f329edc3fdc4af6eb2314b30df6f4da9e0eb49b033bacdd874df941a2bac01d8e1a9b66cfe190254cf7002
SSDEEP

24576:wAwcDF6sHhInia1amebYNp2k5WmD9idNpPaVL0aaDnG5Zy:acDFknia1aXetWk0d/PQLgn4Zy

Score

10^/10

spynote banker infostealer rat trojan

Malware Config

Extracted

Family

spynote

googlechrome.myftp.org:5214

Signatures

Spynote
Spynote is a Remote Access Trojan first seen in 2017.
banker trojan infostealer rat spynote

Spynote payload 1 IoCs

Processes:

resource	yara_rule
/storage/emulated/0/null/base.apk	family_spynote

Declares broadcast receivers with permission to handle system events 1 IoCs

Processes:

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 1 IoCs

Processes:

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 18 IoCs

Processes:

description	ioc
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write and read the user's call log data.	android.permission.WRITE_CALL_LOG
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS

com.eset.ems2.gp
1⤵
PID:5055

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/null/base.apk
Filesize
49KB

MD5
d2b416f20bfeded69f5e907db3715964

SHA1
dab142602a53deb51a510f2b7eb503fcdc300050

SHA256
b2094e364773bde6a2ee605376c06385ac42afcee362c66cb01fc2b4e7689acd

SHA512
f37035c228507a29a82d08bad33a8952a5a6945198614381d07fa4ab7bac313efd7dd282ea846aa7d15c275e875a734ef001fb4a5c4ed0bbe64f2aad1454c73e

Download Submit