spynote | hxxps://www[.]mediafire[.]com/file/d30u711rj7w1kpm/ready[.]apk/file | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://www.mediafir...

android-10-x64

Sharing

General

Target

https://www.mediafire.com/file/d30u711rj7w1kpm/ready.apk/file
Sample

240325-wr1z8aeh82

Score

10^/10

spynote android banker collection infostealer rat trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://www.mediafire.com/file/d30u711rj7w1kpm/ready.apk/file

Resource

android-x64-20240221-en

spynote banker collection infostealer rat trojan

android-10-x64

5 signatures

1800 seconds

Malware Config

Extracted

Family

spynote

C2

83.30.40.183:6666

Targets

- Target
  
  https://www.mediafire.com/file/d30u711rj7w1kpm/ready.apk/file
Score

10^/10

spynote banker collection infostealer rat trojan
- Spynote
  Spynote is a Remote Access Trojan first seen in 2017.
  banker trojan infostealer rat spynote
- Reads the content of photos stored on the user's device.
  collection
- Declares broadcast receivers with permission to handle system events
- Declares services with permission to bind to the system
- Requests dangerous framework permissions
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

spynotebankercollectioninfostealerrattrojan

© 2018-2024

Terms | Privacy