spynote | 17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742 | Triage

Submit
Reports

Overview

overview

Static

static

17b37cf7db...42.apk

android-13-x64

Resubmissions

11-02-2024 10:04

240211-l3z7ysha73 10

11-02-2024 10:03

240211-l3mlvsfa51 10

10-02-2024 22:02

240210-1xscgshb9s 10

Sharing

General

Target

17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742.bin
Size

1.5MB
Sample

240211-l3mlvsfa51
MD5

dd7939e39f76083ba62bf11eda3fc815
SHA1

a9f3b9d47d7c7a3862fb824840ccaee64092c5d7
SHA256

17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742
SHA512

0026c2bab2a6acad3cc2508a36280222f6d4a106a7f329edc3fdc4af6eb2314b30df6f4da9e0eb49b033bacdd874df941a2bac01d8e1a9b66cfe190254cf7002
SSDEEP

24576:wAwcDF6sHhInia1amebYNp2k5WmD9idNpPaVL0aaDnG5Zy:acDFknia1aXetWk0d/PQLgn4Zy

Score

10^/10

spynote android banker infostealer rat trojan

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742.apk

Resource

android-33-x64-arm64-20231215-en

spynote banker infostealer rat trojan

android-13-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

spynote

C2

googlechrome.myftp.org:5214

Targets

- Target
  
  17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742.bin
- Size
  
  1.5MB
- MD5
  
  dd7939e39f76083ba62bf11eda3fc815
- SHA1
  
  a9f3b9d47d7c7a3862fb824840ccaee64092c5d7
- SHA256
  
  17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742
- SHA512
  
  0026c2bab2a6acad3cc2508a36280222f6d4a106a7f329edc3fdc4af6eb2314b30df6f4da9e0eb49b033bacdd874df941a2bac01d8e1a9b66cfe190254cf7002
- SSDEEP
  
  24576:wAwcDF6sHhInia1amebYNp2k5WmD9idNpPaVL0aaDnG5Zy:acDFknia1aXetWk0d/PQLgn4Zy
Score

10^/10

spynote banker infostealer rat trojan
- Spynote
  Spynote is a Remote Access Trojan first seen in 2017.
  banker trojan infostealer rat spynote
- Spynote payload
- Tries to add a device administrator.
- Declares broadcast receivers with permission to handle system events
- Declares services with permission to bind to the system
- Requests dangerous framework permissions
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

spynotebankerinfostealerrattrojan

© 2018-2024

Terms | Privacy