spynote | bb60355c7714fc835e1b92e25ca479a0f0a6b49cd3e849118b6def8a007d7661 | Triage

Resubmissions

03-05-2024 10:30

240503-mjr8nsee77 10

Sharing

General

Target

bb60355c7714fc835e1b92e25ca479a0f0a6b49cd3e849118b6def8a007d7661.zip
Size

9.3MB
Sample

240503-mjr8nsee77
MD5

44aea53576c3b94b6155850d61e91cf1
SHA1

f0b5c26fd6a7aee2c26a13428c0672644d118cf4
SHA256

bb60355c7714fc835e1b92e25ca479a0f0a6b49cd3e849118b6def8a007d7661
SHA512

ecd3598414f249568693a9e9a90a1feb1e927e1fc4dc0a721facd548cb1283c67b08a934b572f3ec63c9d2fd01daaafdc64ea4008cb622b1e2a5f68a273d9aa9
SSDEEP

98304:maTeQ++DhpABvaQpzC+O0jemzfzBHT00to7IBN:d6ipmaybO0j5zVn9

Score

10^/10

spynote android collection credential_access evasion execution persistence

Malware Config

Targets

- Target
  
  bb60355c7714fc835e1b92e25ca479a0f0a6b49cd3e849118b6def8a007d7661.zip
- Size
  
  9.3MB
- MD5
  
  44aea53576c3b94b6155850d61e91cf1
- SHA1
  
  f0b5c26fd6a7aee2c26a13428c0672644d118cf4
- SHA256
  
  bb60355c7714fc835e1b92e25ca479a0f0a6b49cd3e849118b6def8a007d7661
- SHA512
  
  ecd3598414f249568693a9e9a90a1feb1e927e1fc4dc0a721facd548cb1283c67b08a934b572f3ec63c9d2fd01daaafdc64ea4008cb622b1e2a5f68a273d9aa9
- SSDEEP
  
  98304:maTeQ++DhpABvaQpzC+O0jemzfzBHT00to7IBN:d6ipmaybO0j5zVn9
Score

8^/10

collection credential_access evasion execution persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Schedules tasks to execute at a specified time
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  execution persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessevasionexecutionpersistence

behavioral2

collectioncredential_accessevasionexecutionpersistence

behavioral3

collectioncredential_accessevasionexecutionpersistence