Overview

overview

10

Static

static

10

client.apk

android-9-x86

8

client.apk

android-10-x64

8

client.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    client.apk

  • Size

    80.2MB

  • Sample

    240323-nf95raac2w

  • MD5

    f85233d95dbececd20ca40f00a7e5cdd

  • SHA1

    d3f0ffa097665e258f102ff70063c87b3ca964b7

  • SHA256

    e98a8f8ba020b53e2999b4784d53e462edece22ea32f7413a94b825669f31ec1

  • SHA512

    4938bc2d53232385a602ba0403f4ef821d90b46dd9e09f022188f871b9b54a4069bae62eb0c083134d3e5343cccd6485cfc854db363245e5b2f1f6d3b8870279

  • SSDEEP

    1572864:+CsR7MfORqjlUL+XV/+BBC3EXnhvSkKZDMq8PUAAcl6puM2Mh7ga5N7I5YM:fDORqjly+XVGeknhUZDMqMAQah7ga5Yz

Score
10/10
spynoteandroidbankerdiscoveryevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

spynote

C2

0.tcp.eu.ngrok.io:17599

Targets

    • Target

      client.apk

    • Size

      80.2MB

    • MD5

      f85233d95dbececd20ca40f00a7e5cdd

    • SHA1

      d3f0ffa097665e258f102ff70063c87b3ca964b7

    • SHA256

      e98a8f8ba020b53e2999b4784d53e462edece22ea32f7413a94b825669f31ec1

    • SHA512

      4938bc2d53232385a602ba0403f4ef821d90b46dd9e09f022188f871b9b54a4069bae62eb0c083134d3e5343cccd6485cfc854db363245e5b2f1f6d3b8870279

    • SSDEEP

      1572864:+CsR7MfORqjlUL+XV/+BBC3EXnhvSkKZDMq8PUAAcl6puM2Mh7ga5N7I5YM:fDORqjly+XVGeknhUZDMqMAQah7ga5Yz

    Score
    8/10
    bankerdiscoveryevasionpersistenceprivilege_escalation

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Tries to add a device administrator.

      privilege_escalation

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks