spynote | c8fc5f99153b79529f0f5f4fa5dcf46e0a75ecb2804a39512ac589e7bbd1bd49 | Triage

Sharing

General

Target

c8fc5f99153b79529f0f5f4fa5dcf46e0a75ecb2804a39512ac589e7bbd1bd49
Size

507KB
Sample

240515-ld9ebsbb35
MD5

fda800664fc979c6a7984d2c547c7443
SHA1

de5fe16d05a0ab3e88e03cab22f7eb56c2f09560
SHA256

c8fc5f99153b79529f0f5f4fa5dcf46e0a75ecb2804a39512ac589e7bbd1bd49
SHA512

b1ec8dea5991b3c77da0b9a6f1315f76ddbc70c8a94710a218499e41ac908ca09409c4cccef869235b6627dee7a1d32660641efdf1587fbb15f22f42588e33b2
SSDEEP

12288:6ISn/2oGmCncmhoHDdQCIF4ldOJfBcPHEC0J5Gt8EOD4sJ:6ISnhmhoHDKp6dOIfECYGtaDZ

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

4.194.25.153:5214

Targets

- Target
  
  8a91bf9ba1250e5f0977384101f5ff3c1d7dc121e7ed304e2580bac1082b7d61.apk
- Size
  
  786KB
- MD5
  
  572589492cf56c19140b0f35e5205dbd
- SHA1
  
  8fb0fe21bb0f3ee43702167c5b57f76397882264
- SHA256
  
  8a91bf9ba1250e5f0977384101f5ff3c1d7dc121e7ed304e2580bac1082b7d61
- SHA512
  
  ef08cf54f52b21826cddb9c1784c667471851687a14c907786b9df21201df27dc9f830555c8d55dda2c2b0249bd2e1e88d4552cd53e503ab75838b97c3399101
- SSDEEP
  
  12288:QLcfa1a8Lzezw+8RB/lwlW75WmpYshXZPbGwidNpgY:ta1amebkBtwlW75WmD9idNpf
Score

8^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation