General

  • Target

    240515-rl9yqaeksv_pw_infected.zip

  • Size

    1019KB

  • Sample

    240520-yw9h9sfg6z

  • MD5

    280f63630a4f826ab0879f2d9a2d48de

  • SHA1

    7d4802524b2b6f7f01ffc4a2b6820e6809e48d84

  • SHA256

    4b29daa11e8ba1ef5f90529fc77edb327a6ffab75d706f165baed14b0191d3ad

  • SHA512

    6cfd9c96db8372b44b32f0b44080672f3fb2ab622a607add019fca2bbebfe96c1959c4c17a58569c27c89597187769f843cec8606a845c2e7be71e9d84daaf44

  • SSDEEP

    24576:iAkUjjtr3RsEUu391Hc3F/q5ny8lgQEOzepM:ZZjZ3RsJuimnpglM

Malware Config

Targets

    • Target

      005d36928b02814f6c3fb040a114a666e2aa2b976ea3c3af8a245ee41179b9fe

    • Size

      1.2MB

    • MD5

      00f5261cdc54cf4bbd5bafe5be01ec6f

    • SHA1

      28b348b5950299a50ad611388672b2b4e4e8a7c0

    • SHA256

      005d36928b02814f6c3fb040a114a666e2aa2b976ea3c3af8a245ee41179b9fe

    • SHA512

      b79b809236fb8e31ab177245d8f8f43aaccdfebb7d1219eca1c1515908500f8bd858c11c7683f993dd1e6cf37cab38bdaf11d66f802db4caa701998981986672

    • SSDEEP

      24576:WXrV0d5h6G4svi6q7+vwSTE1sNSFE/md/DqS0+XaLmjRvqgJPWI0a:WZ0N6VsxqqHE1s8FhqDjLGRvqgJPt

    • Spynote

      Spynote is a Remote Access Trojan first seen in 2017.

    • Spynote payload

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Requests enabling of the accessibility settings

MITRE ATT&CK Matrix

Tasks