spynote | ffc417297b1e348c69930abde0a93f0a2aa55afc0222fe3052d309c70451da7b | Triage

Submit
Reports

Overview

overview

Static

static

ypA3Wwq.apk

android-10-x64

8

ypA3Wwq.apk

android-11-x64

8

ypA3Wwq.apk

android-13-x64

8

ypA3Wwq.apk

android-9-x86

8

Sharing

General

Target

ypA3Wwq.apk
Size

4.5MB
Sample

240421-rqrb6sdb78
MD5

df71b9a448eb918ca6720e14b5c5d772
SHA1

045c5f0367043e214c9f889ae1b21f1550648c6f
SHA256

ffc417297b1e348c69930abde0a93f0a2aa55afc0222fe3052d309c70451da7b
SHA512

42815e0859ffd8b08d0283cab92ac7c76b77121a03aee36831215232052c3e013d7613d360eb1de1153cf508ba53b6bb20af07fd9d789ab4a581d103833ce1a8
SSDEEP

98304:EPthoqu9nseE56hBnPdKYNA7mzFzBsT10twRNwkinn:otGRMshFk8zQKo/K

Score

10^/10

spynote android collection credential_access evasion persistence

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

ypA3Wwq.apk

Resource

android-x64-20240221-en

collection credential_access evasion persistence

android-10-x64

4 signatures

1800 seconds

Behavioral task

behavioral2

Sample

ypA3Wwq.apk

Resource

android-x64-arm64-20240221-en

collection credential_access evasion persistence

android-11-x64

4 signatures

1800 seconds

Behavioral task

behavioral3

Sample

ypA3Wwq.apk

Resource

android-33-x64-arm64-20240229-en

collection credential_access evasion persistence

android-13-x64

4 signatures

1800 seconds

Behavioral task

behavioral4

Sample

ypA3Wwq.apk

Resource

android-x86-arm-20240221-en

collection credential_access evasion persistence

android-9-x86

5 signatures

1800 seconds

Malware Config

Targets

- Target
  
  ypA3Wwq.apk
- Size
  
  4.5MB
- MD5
  
  df71b9a448eb918ca6720e14b5c5d772
- SHA1
  
  045c5f0367043e214c9f889ae1b21f1550648c6f
- SHA256
  
  ffc417297b1e348c69930abde0a93f0a2aa55afc0222fe3052d309c70451da7b
- SHA512
  
  42815e0859ffd8b08d0283cab92ac7c76b77121a03aee36831215232052c3e013d7613d360eb1de1153cf508ba53b6bb20af07fd9d789ab4a581d103833ce1a8
- SSDEEP
  
  98304:EPthoqu9nseE56hBnPdKYNA7mzFzBsT10twRNwkinn:otGRMshFk8zQKo/K
Score

8^/10

collection credential_access evasion persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Requests enabling of the accessibility settings.
- Acquires the wake lock
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

collectioncredential_accessevasionpersistence

behavioral2

collectioncredential_accessevasionpersistence

behavioral3

collectioncredential_accessevasionpersistence

behavioral4

collectioncredential_accessevasionpersistence

© 2018-2024

Terms | Privacy