Resubmissions

11-02-2024 10:04

240211-l3z7ysha73 10

11-02-2024 10:03

240211-l3mlvsfa51 10

10-02-2024 22:02

240210-1xscgshb9s 10

Analysis

  • max time kernel
    3s
  • max time network
    20s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20231215-en
  • resource tags

    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20231215-en, locale:en-us, os:android-13-x64, system
  • submitted
    11-02-2024 10:03

General

  • Target

    17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742.apk

  • Size

    1.5MB

  • MD5

    dd7939e39f76083ba62bf11eda3fc815

  • SHA1

    a9f3b9d47d7c7a3862fb824840ccaee64092c5d7

  • SHA256

    17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742

  • SHA512

    0026c2bab2a6acad3cc2508a36280222f6d4a106a7f329edc3fdc4af6eb2314b30df6f4da9e0eb49b033bacdd874df941a2bac01d8e1a9b66cfe190254cf7002

  • SSDEEP

    24576:wAwcDF6sHhInia1amebYNp2k5WmD9idNpPaVL0aaDnG5Zy:acDFknia1aXetWk0d/PQLgn4Zy

Malware Config

Extracted

Family

spynote

C2

googlechrome.myftp.org:5214
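The extracted C2 is a dynamic-DNS hostname on a non-standard port, so the useful network indicator is the hostname, with the port as a secondary signal only. The following is an added example, not part of the sandbox report: a small correlation script that takes the C2 host and port above plus the two SHA256 values from this page, resolves DNS-log hits into destination IPs, and then classifies connections on port 5214 as confirmed (destination was resolved from the C2 name) or port-only (weaker, needs a second look). The log lines and the key=value log format are constructed for the example; the IPs are from documentation ranges.

```python
"""Match the SpyNote C2 indicator from this report against constructed DNS
and connection logs. Example code written for this page; the log format
(ts= src= qname= answer= / dst= dport=) is an assumption, not a real product's."""
import re

# Indicators taken from the report above.
C2_HOST = "googlechrome.myftp.org"
C2_PORT = 5214
KNOWN_SHA256 = {
    "17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742",  # submitted APK
    "9d5d64ff17ca214adc648e1c961b929f99f58509b845952cb8a92d9d73fc138f",  # dropped base.apk
}

# Constructed sample logs (not captured from the sandbox run).
DNS_LOG = """\
ts=1707645800 src=10.0.0.15 qname=play.googleapis.com answer=142.250.74.42
ts=1707645803 src=10.0.0.15 qname=googlechrome.myftp.org answer=203.0.113.10
ts=1707645810 src=10.0.0.22 qname=GoogleChrome.MyFTP.org. answer=203.0.113.10
"""
CONN_LOG = """\
ts=1707645804 src=10.0.0.15 dst=203.0.113.10 dport=5214 proto=tcp
ts=1707645805 src=10.0.0.15 dst=142.250.74.42 dport=443 proto=tcp
ts=1707645811 src=10.0.0.22 dst=203.0.113.10 dport=5214 proto=tcp
ts=1707645812 src=10.0.0.30 dst=198.51.100.7 dport=5214 proto=tcp
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv(line):
    """Turn 'k=v k=v' into a dict; blank lines give an empty dict."""
    return dict(KV_RE.findall(line))


def normalize_host(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def c2_dns_hits(dns_log):
    """(src, resolved_ip) for every query that named the C2 host."""
    hits = []
    for line in dns_log.splitlines():
        rec = parse_kv(line)
        if rec and normalize_host(rec["qname"]) == C2_HOST:
            hits.append((rec["src"], rec["answer"]))
    return hits


def c2_conn_hits(conn_log, resolved_ips):
    """Split port-5214 connections into 'confirmed' (destination came from a
    C2 DNS answer) and 'port-only' (same port, no DNS evidence)."""
    confirmed, port_only = [], []
    for line in conn_log.splitlines():
        rec = parse_kv(line)
        if not rec or int(rec["dport"]) != C2_PORT:
            continue
        pair = (rec["src"], rec["dst"])
        (confirmed if rec["dst"] in resolved_ips else port_only).append(pair)
    return confirmed, port_only


def correlate(dns_log, conn_log):
    """Full pass over both logs; returns the evidence and the host list."""
    dns = c2_dns_hits(dns_log)
    resolved = {ip for _, ip in dns}
    confirmed, port_only = c2_conn_hits(conn_log, resolved)
    hosts = {src for src, _ in dns} | {src for src, _ in confirmed}
    return {"dns": dns, "confirmed": confirmed, "port_only": port_only,
            "infected_hosts": sorted(hosts)}


def is_known_sample(sha256_hex):
    """Hash lookup against the two SHA256 values on this page."""
    return sha256_hex.lower() in KNOWN_SHA256


if __name__ == "__main__":
    for key, value in correlate(DNS_LOG, CONN_LOG).items():
        print(f"{key}: {value}")
```

A dynamic-DNS name can change its address at any time, so the script keys on the name and learns the IP from the log rather than hard-coding one; the port-only bucket is kept separate because port 5214 by itself is not specific enough to block on.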

Signatures

  • Spynote

    SpyNote is an Android Remote Access Trojan (RAT) first seen in 2017.

  • Spynote payload 1 IoCs
  • Tries to add a device administrator. 1 IoCs
  • Declares broadcast receivers with permission to handle system events 1 IoCs
  • Declares services with permission to bind to the system 1 IoCs
  • Requests dangerous framework permissions 18 IoCs
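Three of the four manifest-based signatures above (device administrator, system-event receivers, bindable services) and the dangerous-permission count can all be read from a decoded AndroidManifest.xml. The script below is an added example, not the sandbox's own signature engine: it applies one plausible static reading of each signature to a constructed manifest (package name, component names and permission set are made up for the example, not taken from the sample). The sandbox's "Tries to add a device administrator" is a runtime observation; the static counterpart checked here is a receiver protected by android.permission.BIND_DEVICE_ADMIN.

```python
"""Static manifest triage mirroring the signature names on this page.
Example code written for this page. Assumes a decoded (text) manifest,
e.g. the AndroidManifest.xml that apktool writes; the sample below is
constructed and is not the analysed APK's manifest."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of permissions the platform marks protectionLevel="dangerous".
DANGEROUS_PERMISSIONS = {
    "android.permission." + p for p in (
        "READ_SMS", "RECEIVE_SMS", "SEND_SMS", "READ_CONTACTS", "WRITE_CONTACTS",
        "READ_CALL_LOG", "WRITE_CALL_LOG", "CALL_PHONE", "READ_PHONE_STATE",
        "RECORD_AUDIO", "CAMERA", "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
        "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE", "GET_ACCOUNTS",
    )
}

# Broadcasts that only the system sends; a receiver for these is the
# usual persistence / trigger hook in Android RATs.
SYSTEM_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.USER_PRESENT",
    "android.intent.action.SCREEN_ON",
    "android.intent.action.PACKAGE_ADDED",
    "android.intent.action.NEW_OUTGOING_CALL",
    "android.provider.Telephony.SMS_RECEIVED",
}

# Constructed manifest for the example (hypothetical package and classes).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""


def _attr(el, name):
    return el.get(ANDROID_NS + name)


def analyze_manifest(xml_text):
    """Return the findings behind each manifest-derived signature."""
    root = ET.fromstring(xml_text)
    requested = {_attr(p, "name") for p in root.iter("uses-permission")}
    device_admin, system_event, bind_services = [], [], []
    for r in root.iter("receiver"):
        name = _attr(r, "name")
        if _attr(r, "permission") == "android.permission.BIND_DEVICE_ADMIN":
            device_admin.append(name)
        for action in r.iter("action"):
            if _attr(action, "name") in SYSTEM_ACTIONS:
                system_event.append((name, _attr(action, "name")))
    for s in root.iter("service"):
        perm = _attr(s, "permission")
        # BIND_* permissions are held only by the system, so such a service
        # is one the OS binds to (accessibility, notification listener, ...).
        if perm and perm.startswith("android.permission.BIND_"):
            bind_services.append((_attr(s, "name"), perm))
    return {
        "device_admin_receivers": device_admin,
        "system_event_receivers": system_event,
        "bind_services": bind_services,
        "dangerous_permissions": sorted(requested & DANGEROUS_PERMISSIONS),
    }


def fired_signatures(report):
    """Map findings to the signature wording used on this page."""
    fired = []
    if report["device_admin_receivers"]:
        fired.append("Declares a device administrator receiver")
    if report["system_event_receivers"]:
        fired.append("Declares broadcast receivers with permission to handle system events")
    if report["bind_services"]:
        fired.append("Declares services with permission to bind to the system")
    if report["dangerous_permissions"]:
        fired.append(f"Requests dangerous framework permissions ({len(report['dangerous_permissions'])})")
    return fired


if __name__ == "__main__":
    rep = analyze_manifest(SAMPLE_MANIFEST)
    for sig in fired_signatures(rep):
        print(sig)
```

Real APKs ship the manifest in binary AXML form, so decode it first (apktool or androguard both produce text); a manifest that passes none of these checks can still belong to a RAT that loads its real payload at runtime, which is exactly what the dropped base.apk listed under Downloads suggests here.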

Processes

  • com.eset.ems2.gp (PID 4236; the package name matches that of ESET Mobile Security on Google Play)
    • Tries to add a device administrator.

Network

MITRE ATT&CK Matrix

Downloads

  • /storage/emulated/0/null/base.apk
    Filesize

    200KB

    MD5

    e2b176c53c68564b3705a82f9ab691c1

    SHA1

    95ab9560e4abf6fe7236603ae733fd1ecf522a96

    SHA256

    9d5d64ff17ca214adc648e1c961b929f99f58509b845952cb8a92d9d73fc138f

    SHA512

    eb4fa39660ea549f77a5db9338d790ddeb7c0280bbb2a6911850a34f8ede72b147b00bde69a3370682892d61613b25b3d9a952b34e5d4288b7fc1ad706543615