spynote | 78bc1c088363f96eecd43f6c15337f143d8ba0ba6225aad875d0f29210a48f6b

Sharing

Copy URL

Twitter E-mail

General

Target

SpyNote_By 30Deep.zip
Size

22.5MB
Sample

240314-s42whaab33
MD5

26b7e4cd58c61fa431a17f897ab420a0
SHA1

c4153f6435673244d339b6f2267122e3e7737f5e
SHA256

78bc1c088363f96eecd43f6c15337f143d8ba0ba6225aad875d0f29210a48f6b
SHA512

4b2aa021928474553f8a4f7774bfb3029b3a701e0eac193d0165971a3e73904b636305260b1728066fa9d2c8adeeaed85ce53eadbc6426d14d2c39c5bf5f7fb3
SSDEEP

393216:660JCtRhbn8gL6o8eoeoABp7uGK5xn28tXMXk8PIEsien+W7Hlg40INLdTSuVM0/:6BoTl8vo8Yo0ocX7QEixIuVM0xl

Score

10^/10

spynote discovery

Malware Config

Extracted

Family

spynote

[SPY_NOTE_HOST_OK]:[SPY_NOTE_PORT_OK]

Targets

- Target
  
  SpyNote_By 30Deep/Android Tester.exe
- Size
  
  1.2MB
- MD5
  
  b4011069f308adfd9aaf162a048af52a
- SHA1
  
  5bd8e0a87315fae31a00c686117fa9e68cf68028
- SHA256
  
  5a43db2cdbafc97ffaa72c5dfc8c806c03fe48205c2f1924e9fddc64e94a6a6f
- SHA512
  
  cde1f70a991d17cd284b40e34a45044104856672d0bed5b0d3da08271ec854d4669bf7e8289d8c9a1e94be485b424ba5c7752bd40d7b286453619897f3e5ab5b
- SSDEEP
  
  24576:O3cM3co+GmVct8O2rKRZE+qR9O08k8sVW40PyQ:O3cM3cLoRZENLr
Score

3^/10
behavioral1 behavioral2
- Target
  
  SpyNote_By 30Deep/CoreAudioApi.dll
- Size
  
  24KB
- MD5
  
  6a009b7c4b252788d80d4e40adcf51ce
- SHA1
  
  9302cd4f00fa70b768feec2a49505052cd4bd13e
- SHA256
  
  df6115987161ee1238f9564bd10c998d9016f582e5b7b9d23d21a74d6955bdd3
- SHA512
  
  7a27bc38249b293fbfb9389cac3365bf64e9536281c347939192e6b151b4e574bd9743df81721dc4e6beca0ab0a5784436b7f7bff780fdddef4c7c26b02cc354
- SSDEEP
  
  384:JGuIVn86+5zUH4RmcBoZhn9ipvNeFSAucqmPBJGbsw3uiIx5L5gV:CVn86YzgoW0VNeFS0Tbw3up5tgV
Score

1^/10
behavioral3 behavioral4
- Target
  
  SpyNote_By 30Deep/NAudio.dll
- Size
  
  498KB
- MD5
  
  6ca17abccae3050f391401b2955f9333
- SHA1
  
  0975b039a793accb58130d6639262cd291d80d5d
- SHA256
  
  3ad5d09b4c8c3146d15955a564a9f1a57d7c795b189a25c6f722a738d95ef89c
- SHA512
  
  c08f366aae9baf0e7762f47a2f79d0dee5187a1d7631e5838590b7c12911bdeb6247e0ff860ade36e04f1d6717f919ad98df6d3a1a556bff4b8994db9616ccec
- SSDEEP
  
  12288:MnXnae2TPlr3zvzar5oRDaw92wP6mai9gs6C:K8lrT+r5ADakP4i9gs
Score

1^/10
behavioral5 behavioral6
- Target
  
  SpyNote_By 30Deep/Resources/Imports/Gsm/GSM.dll
- Size
  
  5KB
- MD5
  
  c4ceacedf5310a761b828bed9f7dbc62
- SHA1
  
  f2c4c23d1c04df3899bc0a1e1812eca8f421fbb1
- SHA256
  
  61b0ca29ce7a62932699f33c272fd6d3731a1430ac3455b7a240b01ae461370f
- SHA512
  
  58c42d60a28c6e344060242e77cc841ba1a892cb8b9d5dae02c8f9b2e4c1deeebb599e6a1c401a3c585eb44c28d9c72b2ee56be273169af1d52850e426a1da32
- SSDEEP
  
  96:Vuyz+/KPV+gzlmtrLPfdHOzHFu90rdjF:5z+m9ELPfdHH90H
Score

1^/10
behavioral7 behavioral8
- Target
  
  SpyNote_By 30Deep/Resources/Imports/Payload/BuildClient.exe
- Size
  
  43KB
- MD5
  
  fc5704b2e4bcd31f2d954b0fb8f4cfe0
- SHA1
  
  b37424a8a94f4b7e878ed79fd03914b1479a7e2b
- SHA256
  
  f0de2235c7cb055bb66f3880d58022a53339619f38165229640467250ef8547b
- SHA512
  
  3e0a9b8bbd7aae9ea91f75a9bdf18ac3777deaab9af87dba3ab0510e6bd126dcda2b95b51d58515d8ce6eac5c560223c8728e6377c6ff79043ec58b7cd89745c
- SSDEEP
  
  768:SFX5x0FJ2EGzJPJjEj4AeYAIkccBwiFYHJIXTMrEeYLdA:oXXjEa9M4YxNSUiMrOd
Score

1^/10
behavioral10 behavioral9
- Target
  
  SpyNote_By 30Deep/Resources/Imports/PlayerJava/PlayerJava.jar
- Size
  
  3KB
- MD5
  
  d9c23d7574c0d886321dcd029e463f2c
- SHA1
  
  7fad47eb6860a01325c6d526a43d9bbadb66aff7
- SHA256
  
  e22d8a06415f21b900a9a079a6a7928d6c84d2cf33aa07c6ad385dfbbfcd55ed
- SHA512
  
  c32c019fb0bacbd70441cf3ed769bfde9597389f840ff8511db36586756382ef22bd163a7b7cb9e258a4b7a896e5d1a606d92513a141cb2e3c6e421a66ecb316
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral11 behavioral12
- Target
  
  SpyNote_By 30Deep/Resources/Imports/T/sS.exe
- Size
  
  20KB
- MD5
  
  fcc080409bf077b1c85f159218e62dbf
- SHA1
  
  616e64d4ca2286d4f4b11df583fa2b9ba81c6e78
- SHA256
  
  e3865e0d3f776a6827f4ddb640cc66c56ede8826a1f29383e3578b85caf248ef
- SHA512
  
  14d7ceac1730faadfe10ff573ed825f8e449c7ae879892d09d832b67d68a128c07ef94c675a5221edde82e7b73fd1b852ddbda7894e554cce98fa1625fb00eb6
- SSDEEP
  
  384:3AOcHfvbeLb7i4yimcx5GLD9WLEO2a0R7RknlcDqfJ:3AO+fDen7i4fmFrRFknGDy
Score

1^/10
behavioral13 behavioral14
- Target
  
  SpyNote_By 30Deep/Resources/Imports/platform-tools/plwin.exe
- Size
  
  25KB
- MD5
  
  9aadaec3eccf406b2591e32c438a67a4
- SHA1
  
  fb971b1687400fcedf5ac4a36f45ead3b54d14e3
- SHA256
  
  268fa687554273029bf87668367b4084d4928de6b2a4cf4fbcd52e944d0efe16
- SHA512
  
  cba31ace6459a83dca18a486fc7a06da50419442d92e25e2661fdc101542b49ae3778fe197b6409396b7093747c67316917760de8576d351cd37e51e3dda9d3d
- SSDEEP
  
  768:Q3ULAwpnEUaSCMc/o6/d5cfsEAIHtYcFmVc6K:eULAwcSCMcdWfsQfmVcl
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

File and Directory Permissions Modification

T1222

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies file permissions

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16