spynote | 9f6e1a3f0fc0145f39be324fed93588f7aa0e83be57bd34ff6c32ddf58f415ce | Triage

Sharing

General

Target

9f6e1a3f0fc0145f39be324fed93588f7aa0e83be57bd34ff6c32ddf58f415ce.apk
Size

9.4MB
Sample

240524-qejyaaeh3v
MD5

ef806ff2b1c1ca3b0c01d4e0f955a11e
SHA1

6b1409a33109f63b4db2cafc44a7c22cf071155b
SHA256

9f6e1a3f0fc0145f39be324fed93588f7aa0e83be57bd34ff6c32ddf58f415ce
SHA512

c77500fda0392a779ac4ec60e4180665a7c4da363d660cef4bb9b575ae1a9cfb1f9ef285be68144b1f43f494c736ef02bc81699c564d432340042fda20b7da41
SSDEEP

98304:w+drFY0myObKfJiXswKUC23LE+KmznzBlTk0tgT6XV:TrFFmyREXRD8+lzTXIE

Score

10^/10

spynote android collection credential_access evasion execution persistence

Malware Config

Targets

- Target
  
  9f6e1a3f0fc0145f39be324fed93588f7aa0e83be57bd34ff6c32ddf58f415ce.apk
- Size
  
  9.4MB
- MD5
  
  ef806ff2b1c1ca3b0c01d4e0f955a11e
- SHA1
  
  6b1409a33109f63b4db2cafc44a7c22cf071155b
- SHA256
  
  9f6e1a3f0fc0145f39be324fed93588f7aa0e83be57bd34ff6c32ddf58f415ce
- SHA512
  
  c77500fda0392a779ac4ec60e4180665a7c4da363d660cef4bb9b575ae1a9cfb1f9ef285be68144b1f43f494c736ef02bc81699c564d432340042fda20b7da41
- SSDEEP
  
  98304:w+drFY0myObKfJiXswKUC23LE+KmznzBlTk0tgT6XV:TrFFmyREXRD8+lzTXIE
Score

8^/10

collection credential_access evasion execution persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Schedules tasks to execute at a specified time
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  execution persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessevasionexecutionpersistence

behavioral2

collectioncredential_accessevasionexecutionpersistence

behavioral3

collectioncredential_accessevasionexecutionpersistence