spynote | cbabb543dcc0061456bef650b8ae989ece9a32fd834e9983d9347a821a0da0e3 | Triage

Submit
Reports

Overview

overview

Static

static

ready.apk

android-10-x64

8

ready.apk

android-11-x64

8

ready.apk

android-13-x64

8

ready.apk

android-9-x86

8

Sharing

General

Target

ready.apk
Size

9.3MB
Sample

240525-3g2bkaee3v
MD5

55eb6f1f28d2f5bde7aa6a85ae8dcf74
SHA1

33d38947635a12c97d4e79510ad8acaba36e75d6
SHA256

cbabb543dcc0061456bef650b8ae989ece9a32fd834e9983d9347a821a0da0e3
SHA512

d6fdcf83fd2bcf507156f039246afeb21d3533bfe8051538d09b5e1b38fde637c2ad757fd53a264d607b8ed6ece52527210fa0f75da6af347c2ee75cef1639e7
SSDEEP

98304:pO0HmcmjEYsYPfvVw0UBKr4UwpzSBnIPUN+mzfzBXTo0tIzD62:pdt5Ia0AKr4UQMlNZzRT52

Score

10^/10

spynote android collection credential_access evasion execution persistence

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

ready.apk

Resource

android-x64-20240514-en

collection credential_access evasion execution persistence

android-10-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ready.apk

Resource

android-x64-arm64-20240514-en

collection credential_access evasion execution persistence

android-11-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

ready.apk

Resource

android-33-x64-arm64-20240514-en

collection credential_access evasion execution persistence

android-13-x64

6 signatures

150 seconds

Behavioral task

behavioral4

Sample

ready.apk

Resource

android-x86-arm-20240514-en

collection credential_access evasion execution persistence

android-9-x86

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  ready.apk
- Size
  
  9.3MB
- MD5
  
  55eb6f1f28d2f5bde7aa6a85ae8dcf74
- SHA1
  
  33d38947635a12c97d4e79510ad8acaba36e75d6
- SHA256
  
  cbabb543dcc0061456bef650b8ae989ece9a32fd834e9983d9347a821a0da0e3
- SHA512
  
  d6fdcf83fd2bcf507156f039246afeb21d3533bfe8051538d09b5e1b38fde637c2ad757fd53a264d607b8ed6ece52527210fa0f75da6af347c2ee75cef1639e7
- SSDEEP
  
  98304:pO0HmcmjEYsYPfvVw0UBKr4UwpzSBnIPUN+mzfzBXTo0tIzD62:pdt5Ia0AKr4UQMlNZzRT52
Score

8^/10

collection credential_access evasion execution persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Prevents application removal
  Application may abuse the framework's APIs to prevent removal.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Schedules tasks to execute at a specified time
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  execution persistence
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

collectioncredential_accessevasionexecutionpersistence

behavioral2

collectioncredential_accessevasionexecutionpersistence

behavioral3

collectioncredential_accessevasionexecutionpersistence

behavioral4

collectioncredential_accessevasionexecutionpersistence

© 2018-2024

Terms | Privacy