spynote | 30ef5c7560a5b0db58964bf1cc7ab23ec3ce36b440b0e02fb6a7be43281749bd | Triage

Submit
Reports

Overview

overview

Static

static

Avast.apk

android-9-x86

8

Avast.apk

android-10-x64

8

Avast.apk

android-11-x64

8

Sharing

General

Target

Avast.apk
Size

4.5MB
Sample

240425-lnjxeshe3y
MD5

6103676bd7647fdde675acd3ea9fb92f
SHA1

65ab09fe0354bb9efc68c31fed4f327c6fa0ed25
SHA256

30ef5c7560a5b0db58964bf1cc7ab23ec3ce36b440b0e02fb6a7be43281749bd
SHA512

69a90471a7e1cef99af68cfe85a91b27952f37b5b8b9aebbc339de09590ab311e1ba4aedb40a36b276aa1edd6eeb5250d70ab9dac26565b4c009ba7d00b12abc
SSDEEP

98304:dPPyaxaJRqZ1cQKLbJyjsb+YimzXzB7Tt0t8lFv:oa8OcbJ8YNzti8

Score

10^/10

spynote android collection credential_access evasion persistence

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

Avast.apk

Resource

android-x86-arm-20240221-en

collection credential_access evasion persistence

android-9-x86

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Avast.apk

Resource

android-x64-20240221-en

collection credential_access evasion persistence

android-10-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

Avast.apk

Resource

android-x64-arm64-20240221-en

collection credential_access evasion persistence

android-11-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  Avast.apk
- Size
  
  4.5MB
- MD5
  
  6103676bd7647fdde675acd3ea9fb92f
- SHA1
  
  65ab09fe0354bb9efc68c31fed4f327c6fa0ed25
- SHA256
  
  30ef5c7560a5b0db58964bf1cc7ab23ec3ce36b440b0e02fb6a7be43281749bd
- SHA512
  
  69a90471a7e1cef99af68cfe85a91b27952f37b5b8b9aebbc339de09590ab311e1ba4aedb40a36b276aa1edd6eeb5250d70ab9dac26565b4c009ba7d00b12abc
- SSDEEP
  
  98304:dPPyaxaJRqZ1cQKLbJyjsb+YimzXzB7Tt0t8lFv:oa8OcbJ8YNzti8
Score

8^/10

collection credential_access evasion persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

collectioncredential_accessevasionpersistence

behavioral2

collectioncredential_accessevasionpersistence

behavioral3

collectioncredential_accessevasionpersistence

© 2018-2024

Terms | Privacy