Overview

overview

10

Static

static

10

91c174ee17...21.apk

android-9-x86

8

91c174ee17...21.apk

android-10-x64

8

91c174ee17...21.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    91c174ee17ae412466f5d3204425575136b2e20b6773356d38004014a407bd21.bin

  • Size

    883KB

  • Sample

    240316-1xmf8sdd21

  • MD5

    c3ec0a4bdef44389b6fd35bab98e80d5

  • SHA1

    840cf538abcc1375e786d049e9f9785e3117e035

  • SHA256

    91c174ee17ae412466f5d3204425575136b2e20b6773356d38004014a407bd21

  • SHA512

    406e176f2d27a73eea4994f9e14dcf5c626e62b443bd1740ede9fc7e69e09a50311062f41f37ea98f5c64eb705ecf1b9ddcf31c225836ffc61e3812ea5362a3e

  • SSDEEP

    12288:XA9DRa1a8Lde3JJ5Ouu5X4fw2bcN5WmpYshXZPbGwidNpgm:ca1a6eb5puSfw2bE5WmD9idNp9

Score
10/10
spynoteandroidbankerdiscoveryprivilege_escalation

Malware Config

Extracted

Family

spynote

C2

0.tcp.eu.ngrok.io:19476

Targets

    • Target

      91c174ee17ae412466f5d3204425575136b2e20b6773356d38004014a407bd21.bin

    • Size

      883KB

    • MD5

      c3ec0a4bdef44389b6fd35bab98e80d5

    • SHA1

      840cf538abcc1375e786d049e9f9785e3117e035

    • SHA256

      91c174ee17ae412466f5d3204425575136b2e20b6773356d38004014a407bd21

    • SHA512

      406e176f2d27a73eea4994f9e14dcf5c626e62b443bd1740ede9fc7e69e09a50311062f41f37ea98f5c64eb705ecf1b9ddcf31c225836ffc61e3812ea5362a3e

    • SSDEEP

      12288:XA9DRa1a8Lde3JJ5Ouu5X4fw2bcN5WmpYshXZPbGwidNpgm:ca1a6eb5puSfw2bE5WmD9idNp9

    Score
    8/10
    bankerdiscoveryprivilege_escalation

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

      privilege_escalation

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks