Overview

overview

10

Static

static

6

48dae89653...dc.apk

android-9-x86

10

48dae89653...dc.apk

android-10-x64

10

48dae89653...dc.apk

android-11-x64

10

Analysis

  • max time kernel
    4s
  • max time network
    184s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
  • submitted
    17-05-2024 18:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48dae89653161e7c3e4829d5451702dc.apk

  • Size

    3.0MB

  • MD5

    48dae89653161e7c3e4829d5451702dc

  • SHA1

    213b7f8c3f26a87b116927143289886742b979a1

  • SHA256

    78e669d3b20e5f1f33985f7228bf6a9410f61cb949fc0e9df5379537d54f981c

  • SHA512

    a07bc275d1e2cbc9da8ee789f4bec25e6846a8d0acab7479953fc45589165ba694e89de38241a0f8ecabe962f75d589ac4eae16e9d20d4539da6ffb46640189a

  • SSDEEP

    49152:ok/FTOoQl1Wc3kQdaWWce2Te6ECrYvEVZNap5HbGO0wnREZvDv:oOFSHz3kQAW3fTdEpMnsPbN9RO

Score
10/10
spynotebankerdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

    bankertrojaninfostealerratspynote
  • Spynote payload 1 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Requests dangerous framework permissions 2 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • GOOD.BYE.GOOGLE
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/GOOD.BYE.GOOGLE/app_mph_dex/classes.dex
    Filesize

    572KB

    MD5

    4565def4512efe74e999abf013c91b2d

    SHA1

    e5cfc824020ce194e3c5e323cfeaf24caaf30ad6

    SHA256

    bcab89c43b0252d44a028c4fa46702c401663d70cf445d0b46c5e68ae3980b27

    SHA512

    7bea9f690e00b8bcecded81a8e48e869328ffb9f04796a99f4aa689f7e45433399d5ba3b748ba69f3303745a028ff78f42359bb475345240496af99e7f552425

    Download Submit
  • /storage/emulated/0/Android Covid/base.apk
    Filesize

    2.6MB

    MD5

    9f9098cd949fc90785c3fe1afccdca3e

    SHA1

    c28083fd26c3067f1c29755f450dcba077212533

    SHA256

    e441af83f445a1af90e738e4ad2ba5285304a3e9a2031013b887948dab4ffafd

    SHA512

    26ed74d1f0089133c082ccee2ce02c799b0342aaceadfd5223bb4135cb980eb743797bf5e64b4ec97f7a68cbac58c192027dcb05a029b064dbb5aaf26654432d

    Download Submit