Overview

overview

10

Static

static

10

ready.apk

android-10-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ready.apk

  • Size

    688KB

  • Sample

    240429-nqkb3she77

  • MD5

    9cb10521091c606e8836ef110353537a

  • SHA1

    37c9e651bae1b4f7f6c7d3f184f342cf2e1b9b6c

  • SHA256

    c5bb46dd3fac078a97fab2fe9c60f26b4523ca2df8614a7fd2ac1272eb8a9f90

  • SHA512

    bf34eebbaa78eb7e36e667bca4dacc508b15280b86b497c24d1f0eee65af96fc075521340a43b71cdc0bb345d08896f5f4e1b211a016575a2919450a73b73cec

  • SSDEEP

    12288:EKRhBsPW7wYRK+nxNre1HgDKTo4jzuO2y7/kW1/xQdIXusT3cgtN0FF46Rq21ggn:bRhBsR2x7mTlzuONsO/7HT3SFF4GNFw6

Score
10/10
spynoteandroidbankercollectioncredential_accessdiscoveryevasionimpactpersistencestealthtrojan

Malware Config

Extracted

Family

spynote

C2

h2cker.ddns.net:194

Extracted

Family

spynote

C2

h2cker.ddns.net:194

Targets

    • Target

      ready.apk

    • Size

      688KB

    • MD5

      9cb10521091c606e8836ef110353537a

    • SHA1

      37c9e651bae1b4f7f6c7d3f184f342cf2e1b9b6c

    • SHA256

      c5bb46dd3fac078a97fab2fe9c60f26b4523ca2df8614a7fd2ac1272eb8a9f90

    • SHA512

      bf34eebbaa78eb7e36e667bca4dacc508b15280b86b497c24d1f0eee65af96fc075521340a43b71cdc0bb345d08896f5f4e1b211a016575a2919450a73b73cec

    • SSDEEP

      12288:EKRhBsPW7wYRK+nxNre1HgDKTo4jzuO2y7/kW1/xQdIXusT3cgtN0FF46Rq21ggn:bRhBsR2x7mTlzuONsO/7HT3SFF4GNFw6

    Score
    8/10
    bankercollectioncredential_accessdiscoveryevasionimpactpersistencestealthtrojan

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries the mobile country code (MCC)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Acquires the wake lock

    behavioral1

MITRE ATT&CK Matrix

Tasks