spynote | 4faad62d48c91e8292e40dfc2e7fc298ecb51745d792415c0ad3b65a82e194fe | Triage

Sharing

General

Target

4faad62d48c91e8292e40dfc2e7fc298ecb51745d792415c0ad3b65a82e194fe.bin
Size

759KB
Sample

240217-1y7hssbc2y
MD5

80d6650095d4b7208d66ea3f5b6e0aa6
SHA1

5da78a5ff13faed1e36e00eb6346025e1fb51b8e
SHA256

4faad62d48c91e8292e40dfc2e7fc298ecb51745d792415c0ad3b65a82e194fe
SHA512

4560b211105bc41d90617dc41eeaeee4c2522c75b789950b9f4466b7ac599de9789f41460fe94388592cf7536350d28447a39ad09ec39d8c25353446e83563a7
SSDEEP

12288:DMAa1a8LzeoyT9YuW5WmpYshXZPbGwidNpga:DMAa1ameoE9YuW5WmD9idNpF

Score

10^/10

spynote android banker stealth trojan

Malware Config

Extracted

Family

spynote

C2

tcp://0.tcp.in.ngrok.io:14672

Targets

- Target
  
  4faad62d48c91e8292e40dfc2e7fc298ecb51745d792415c0ad3b65a82e194fe.bin
- Size
  
  759KB
- MD5
  
  80d6650095d4b7208d66ea3f5b6e0aa6
- SHA1
  
  5da78a5ff13faed1e36e00eb6346025e1fb51b8e
- SHA256
  
  4faad62d48c91e8292e40dfc2e7fc298ecb51745d792415c0ad3b65a82e194fe
- SHA512
  
  4560b211105bc41d90617dc41eeaeee4c2522c75b789950b9f4466b7ac599de9789f41460fe94388592cf7536350d28447a39ad09ec39d8c25353446e83563a7
- SSDEEP
  
  12288:DMAa1a8LzeoyT9YuW5WmpYshXZPbGwidNpga:DMAa1ameoE9YuW5WmD9idNpF
Score

8^/10

banker stealth trojan
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bankerstealthtrojan

behavioral2

bankerstealthtrojan

behavioral3

bankerstealthtrojan