Overview

overview

10

Static

static

10

3e6cb05f40...cc.apk

android-9-x86

1

3e6cb05f40...cc.apk

android-10-x64

1

3e6cb05f40...cc.apk

android-11-x64

1

childapp.apk

android-9-x86

8

childapp.apk

android-10-x64

8

childapp.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3e6cb05f40e6b8f9035ac918d07eacd3f957eac344832e26e31802a204c532cc.apk

  • Size

    5.3MB

  • Sample

    240421-kmhgjafc47

  • MD5

    48d2018f147e38d0135da27d642fa460

  • SHA1

    3a54cbe91374c75b55eab5b37e8ad689b3ad8e9e

  • SHA256

    3e6cb05f40e6b8f9035ac918d07eacd3f957eac344832e26e31802a204c532cc

  • SHA512

    cba7571236d98ed0efd3bd2bc78b7febf79dad8fef32276325b9ee8cd0d8a6902a587a196db30072c272f2cb084aee7953351efffae97621f9d1ffe7609672cf

  • SSDEEP

    98304:CG+L5fDpirLo0ySfTssXTR+0J5zlosvflq/YeacWdtUZttIosskGPVnUZFx2OmO/:4L1ArH1Ls4A0dhvdsYhstVuGPZO4OmO/

Score
10/10
spynoteandroidbankercollectioncredential_accessdiscoveryevasionpersistence

Malware Config

Targets

    • Target

      3e6cb05f40e6b8f9035ac918d07eacd3f957eac344832e26e31802a204c532cc.apk

    • Size

      5.3MB

    • MD5

      48d2018f147e38d0135da27d642fa460

    • SHA1

      3a54cbe91374c75b55eab5b37e8ad689b3ad8e9e

    • SHA256

      3e6cb05f40e6b8f9035ac918d07eacd3f957eac344832e26e31802a204c532cc

    • SHA512

      cba7571236d98ed0efd3bd2bc78b7febf79dad8fef32276325b9ee8cd0d8a6902a587a196db30072c272f2cb084aee7953351efffae97621f9d1ffe7609672cf

    • SSDEEP

      98304:CG+L5fDpirLo0ySfTssXTR+0J5zlosvflq/YeacWdtUZttIosskGPVnUZFx2OmO/:4L1ArH1Ls4A0dhvdsYhstVuGPZO4OmO/

    Score
    1/10
    behavioral1behavioral2behavioral3

    • Target

      childapp.apk

    • Size

      9.3MB

    • MD5

      1a7a176c4266c6b64cd1e18ef1940369

    • SHA1

      f1515ca1bd6260e34be1a6b70e593001621b626c

    • SHA256

      d0c92484bdede0511018dcd83516d235f9949744e6ee39d48c5ae4b6bb072d8e

    • SHA512

      9c96d47e31e69a6790caa281c146b1c3505b5b9db4b390c528fd05b231ba79d3929db24a4516ce5145e163cb208022a53f11ea8aafffbe12f8d881ea5d0216a7

    • SSDEEP

      98304:ztYbfPxltWOT15YPLcgkuA/rB/VymzLzBnTy0tEnTj:p41pTT2cJz9z9xi

    Score
    8/10
    bankercollectioncredential_accessdiscoveryevasionpersistence

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Acquires the wake lock

    behavioral4behavioral5behavioral6

MITRE ATT&CK Matrix

Tasks