spynote | e301a0060bb7754d975c243e3753f783031283e4471e751ced3e774c9f308146 | Triage

Sharing

General

Target

ready.apk
Size

6.2MB
Sample

240328-nbehaaba8y
MD5

5f1f8b818bedf4fcd821d7707ea22de5
SHA1

bb40aefe9928dfd0ebe134ac7688c2b2df5525f0
SHA256

e301a0060bb7754d975c243e3753f783031283e4471e751ced3e774c9f308146
SHA512

648dff42426235bebaa0e9a595566a7f4c72fa9a183981609fcbda2f32dd2ee73542329b832defc1c688f1ef595e3f46a3362b926a84ab1b92abc8b5f73369bd
SSDEEP

24576:V9pFYY7mWiz8JRFzzLr84UorMqWNb4/extQZM8XQMwx:V9pRR9r84UKzWTxt+C

Score

10^/10

spynote android banker discovery

Malware Config

Extracted

Family

spynote

C2

promptylol-31420.portmap.io:5950

Targets

- Target
  
  ready.apk
- Size
  
  6.2MB
- MD5
  
  5f1f8b818bedf4fcd821d7707ea22de5
- SHA1
  
  bb40aefe9928dfd0ebe134ac7688c2b2df5525f0
- SHA256
  
  e301a0060bb7754d975c243e3753f783031283e4471e751ced3e774c9f308146
- SHA512
  
  648dff42426235bebaa0e9a595566a7f4c72fa9a183981609fcbda2f32dd2ee73542329b832defc1c688f1ef595e3f46a3362b926a84ab1b92abc8b5f73369bd
- SSDEEP
  
  24576:V9pFYY7mWiz8JRFzzLr84UorMqWNb4/extQZM8XQMwx:V9pRR9r84UKzWTxt+C
Score

8^/10

banker discovery
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdiscovery