Resubmissions

11-02-2024 10:04

240211-l3z7ysha73 10

11-02-2024 10:03

240211-l3mlvsfa51 10

10-02-2024 22:02

240210-1xscgshb9s 10

Analysis

  • max time kernel
    13s
  • max time network
    22s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    11-02-2024 10:04

General

  • Target

    17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742.apk

  • Size

    1.5MB

  • MD5

    dd7939e39f76083ba62bf11eda3fc815

  • SHA1

    a9f3b9d47d7c7a3862fb824840ccaee64092c5d7

  • SHA256

    17b37cf7db4b20774fce174e0ae6ed09f773d2a634ad3652dffdca7b59938742

  • SHA512

    0026c2bab2a6acad3cc2508a36280222f6d4a106a7f329edc3fdc4af6eb2314b30df6f4da9e0eb49b033bacdd874df941a2bac01d8e1a9b66cfe190254cf7002

  • SSDEEP

    24576:wAwcDF6sHhInia1amebYNp2k5WmD9idNpPaVL0aaDnG5Zy:acDFknia1aXetWk0d/PQLgn4Zy

Malware Config

Extracted

Family

spynote

C2

googlechrome.myftp.org:5214

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

  • Spynote payload 1 IoCs
  • Tries to add a device administrator. 1 IoCs
  • Declares broadcast receivers with permission to handle system events 1 IoCs
  • Declares services with permission to bind to the system 1 IoCs
  • Requests dangerous framework permissions 18 IoCs

Processes

  • com.eset.ems2.gp
    • Tries to add a device administrator.
    PID: 4248

Network

MITRE ATT&CK Matrix

Downloads

  • /storage/emulated/0/null/base.apk
    Filesize

    279KB

    MD5

    216f60d2ec8f76127546c636f3a1a965

    SHA1

    28df0e4d5ce775510570af08aa223d7b6123bd45

    SHA256

    b7256bcec9ce286b2323dd723ef7326e0dd113e95e144907708df1730d6787e4

    SHA512

    caa132dd027d16f3e950e28e84d461cac78e08d4c4b1510c8739b58eadbd7cf4b3728dd9f1901488a63a3db436acd07475d866e01d2f21a1a74f8ae3a1550b9a