spynote | hxxps://www[.]mediafire[.]com/file/eac4inflb7kpkme/ready[.]apk/file

Analysis

max time kernel
192s
max time network
212s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
25-03-2024 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/eac4inflb7kpkme/ready.apk/file

Score

10^/10

spynote banker infostealer rat trojan

Malware Config

Extracted

Family

spynote

83.30.40.183:7771

Signatures

Spynote
Spynote is a Remote Access Trojan first seen in 2017.
banker trojan infostealer rat spynote

Declares broadcast receivers with permission to handle system events 1 IoCs

Processes:

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 3 IoCs

Processes:

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards).	android.permission.BIND_INPUT_METHOD

Requests dangerous framework permissions 15 IoCs

Processes:

description	ioc
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES

com.android.chrome
1⤵
PID:4178

com.android.chrome
1⤵
PID:5159

com.android.chrome
1⤵
PID:5411

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

files/dom-0.html
Filesize
332KB

MD5
136d3274fb2e3b959ef9a9b8b758df92

SHA1
6633f7c2cacbc4c9de15358932301337a08bdfce

SHA256
80168da3fdecb1239cecbe1812f4bbdefd4477bd92c90c081355d857f725ba77

SHA512
b1f758d349fc4b6281188697587b4e01b8c0442ff979326c1dc6b062ec9f80b1035ea0c1c57b089ba8d67f4d05831813f4ec6296a1579770239bad9d4a3b81a4

Download Submit
files/dom-1.html
Filesize
54KB

MD5
aba238a158f9f4a238ff0365d9bd0f27

SHA1
87f104286ea19d5a92969d9276339704fcd83a03

SHA256
294ce1689bdf905c5cc7ff7f14e033be7de51c6d1a298cf0ed4d310fecc80c40

SHA512
7fe9ef7be668a8bd5e9b439adfc311d61e06ce64b4ac58b3e219ba4d3467a96e5290729f33a79d383a5db38f1617d39c85147afde7d81cd60cef48c0c3da631f

Download Submit
/storage/emulated/0/Download/.com.google.Chrome.I8qQN4
Filesize
276KB

MD5
1d5e4dae1a357fd48bfc8ce59397856c

SHA1
b9d0bd6b837bbc08da26999a0bc64d994747f21a

SHA256
192f00ef10d9e611d06deff0350b8f1ac08ba939657e74c1cb068adcdcc7372d

SHA512
a16b3d5becb9d032ab3a80d4436f16d177462cbae8e87fdbdd6fa8796f8200898b0c51f3c01f5d217da3f56e76b29aae67f50d094cba1a482eb3e7a518602ff1

Download Submit
/storage/emulated/0/Download/.pending-1711994362-ready.apk
Filesize
96KB

MD5
69c2e1516b03c0dfc7e47d8a431915db

SHA1
6674c6caf412ce7abbb90da7044c83298e9daadc

SHA256
2a98b192d1a3cd835293b145d406b115994336732770fc22d26c78208887c1bd

SHA512
f2106886d3c3e29ced73c9891b4ce604fb8b67c6a08c63af98d66b0825d54e9516e68531ad1b24fa4d5c761c3ba8e42880d0adcdfbc2486244107e0260b559b6

Download Submit
/storage/emulated/0/Download/.pending-1711994362-ready.apk (deleted)
Filesize
512KB

MD5
59071590099d21dd439896592338bf95

SHA1
6a521e1d2a632c26e53b83d2cc4b0edecfc1e68c

SHA256
07854d2fef297a06ba81685e660c332de36d5d18d546927d30daad6d7fda1541

SHA512
eedb6cadbceb2c991fc6f68dccb80463b3f660c5358acd7d705398ae2e3df2b4327f0f6c6746486848bd2992b379776483a98063ae96edb45877bb0314874668

Download Submit