Overview

overview

10

Static

static

10

c3978cb192...6d.apk

android-9-x86

8

c3978cb192...6d.apk

android-10-x64

8

c3978cb192...6d.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c3978cb192be9d009a2b2750727491977996fc41bc127d7e6c8cdd316a48226d.bin

  • Size

    760KB

  • Sample

    240217-1xxl7sbb8x

  • MD5

    a811878ae03c30f21d163811cde7787a

  • SHA1

    991be95a14c3bc2007af10c8c2790f7dc2567f78

  • SHA256

    c3978cb192be9d009a2b2750727491977996fc41bc127d7e6c8cdd316a48226d

  • SHA512

    49a6d6e6f2b9b5b6027422bdf5b5597fd3bcef7a3553acad8a0bc96e62ead5a1dc4e4edb46d20deeb0816769406a3c0f3f4fd3b602576a1d3e51eca84bc21c11

  • SSDEEP

    12288:7/5XwtI7fa1a8LdeH5bK/i+85WmpYshXZPbGwidNpgQ:7RAea1a6eHg/i+85WmD9idNpT

Score
10/10
spynoteandroidbanker

Malware Config

Extracted

Family

spynote

C2

5.tcp.eu.ngrok.io:15164

Targets

    • Target

      c3978cb192be9d009a2b2750727491977996fc41bc127d7e6c8cdd316a48226d.bin

    • Size

      760KB

    • MD5

      a811878ae03c30f21d163811cde7787a

    • SHA1

      991be95a14c3bc2007af10c8c2790f7dc2567f78

    • SHA256

      c3978cb192be9d009a2b2750727491977996fc41bc127d7e6c8cdd316a48226d

    • SHA512

      49a6d6e6f2b9b5b6027422bdf5b5597fd3bcef7a3553acad8a0bc96e62ead5a1dc4e4edb46d20deeb0816769406a3c0f3f4fd3b602576a1d3e51eca84bc21c11

    • SSDEEP

      12288:7/5XwtI7fa1a8LdeH5bK/i+85WmpYshXZPbGwidNpgQ:7RAea1a6eHg/i+85WmD9idNpT

    Score
    8/10
    banker

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      banker

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks