Overview

overview

10

Static

static

10

ready.apk

android-10-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ready.apk

  • Size

    688KB

  • Sample

    240430-qpvsjahf64

  • MD5

    61ce7ed4706922efb474f00cb7e12818

  • SHA1

    ff93b5510ba65e630993ce19954a29b9cef58564

  • SHA256

    2d196b05f4a984be00ff275c6a0ed99e4ce79c6d26302b856e360c4482a4982e

  • SHA512

    b0649c8958522d7606f3c68b13d47420a94c30d9323057a23a667c666bc8f03acaca4dc66aa44d1af5f018bc21bf315f1e21d3172c27a403bd4c3b4e1798552b

  • SSDEEP

    12288:R1BnXRZztLiOi/HUB4VcCIMnAehbwusT3cgtN0F2g6Rq214gy+tWDmB:9nhZ5Li3PUBAc2AehsHT3SF2gGNN2mB

Score
10/10
spynoteandroidbankercollectioncredential_accessdiscoveryevasionimpactpersistencestealthtrojan

Malware Config

Extracted

Family

spynote

C2

h2cker.ddns.net:194

Extracted

Family

spynote

C2

h2cker.ddns.net:194

Targets

    • Target

      ready.apk

    • Size

      688KB

    • MD5

      61ce7ed4706922efb474f00cb7e12818

    • SHA1

      ff93b5510ba65e630993ce19954a29b9cef58564

    • SHA256

      2d196b05f4a984be00ff275c6a0ed99e4ce79c6d26302b856e360c4482a4982e

    • SHA512

      b0649c8958522d7606f3c68b13d47420a94c30d9323057a23a667c666bc8f03acaca4dc66aa44d1af5f018bc21bf315f1e21d3172c27a403bd4c3b4e1798552b

    • SSDEEP

      12288:R1BnXRZztLiOi/HUB4VcCIMnAehbwusT3cgtN0F2g6Rq214gy+tWDmB:9nhZ5Li3PUBAc2AehsHT3SF2gGNN2mB

    Score
    8/10
    bankercollectioncredential_accessdiscoveryevasionimpactpersistencestealthtrojan

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries the mobile country code (MCC)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Acquires the wake lock

    behavioral1

MITRE ATT&CK Matrix

Tasks