spynote | 26d6252e49a32b467c6394c0e191b449e6ac4e08d81e4fe5ddf0562a307386e5

General

Target

26d6252e49a32b467c6394c0e191b449e6ac4e08d81e4fe5ddf0562a307386e5.apk
Size

10.3MB
Sample

240423-bkgb1sag2w
MD5

ec8f10e37cba8a1aadc34023472b7bb2
SHA1

ae93098dcd8dc0bbb4e8ba57870e5fe6d926be62
SHA256

26d6252e49a32b467c6394c0e191b449e6ac4e08d81e4fe5ddf0562a307386e5
SHA512

fdfc737a4067d0f357750170ba8b80782dfa31a3a993b48bd0b8c6d18372642b8bd7a3f97d1ef2e74ec8ac7922e1151e1f75b30800b4eee53ec4ea97da465249
SSDEEP

98304:0ejZeBavWL6XytbykoB6FlGN3iMo/b0OGmzPzBxTg0t4KXhpgdQw+z5uYCL:YBaOLokoBLtOxzvLpeyuL

Score

10^/10

Malware Config

Targets

- Target
  
  26d6252e49a32b467c6394c0e191b449e6ac4e08d81e4fe5ddf0562a307386e5.apk
- Size
  
  10.3MB
- MD5
  
  ec8f10e37cba8a1aadc34023472b7bb2
- SHA1
  
  ae93098dcd8dc0bbb4e8ba57870e5fe6d926be62
- SHA256
  
  26d6252e49a32b467c6394c0e191b449e6ac4e08d81e4fe5ddf0562a307386e5
- SHA512
  
  fdfc737a4067d0f357750170ba8b80782dfa31a3a993b48bd0b8c6d18372642b8bd7a3f97d1ef2e74ec8ac7922e1151e1f75b30800b4eee53ec4ea97da465249
- SSDEEP
  
  98304:0ejZeBavWL6XytbykoB6FlGN3iMo/b0OGmzPzBxTg0t4KXhpgdQw+z5uYCL:YBaOLokoBLtOxzvLpeyuL
Score

8^/10

banker collection credential_access discovery evasion impact persistence privilege_escalation
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Tries to add a device administrator.
  privilege_escalation impact
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks CPU information

Checks memory information

Loads dropped Dex/Jar

Makes use of the framework's foreground persistence service

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Tries to add a device administrator.

Acquires the wake lock

Checks if the internet connection is available

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3