Overview

overview

10

Static

static

6

Miui Security.apk

android-9-x86

10

Miui Security.apk

android-10-x64

10

Miui Security.apk

android-11-x64

10

Analysis

  • max time kernel
    179s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
  • submitted
    25-05-2024 16:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Miui Security.apk

  • Size

    4.8MB

  • MD5

    92df3770e6426013880eb177389f27f3

  • SHA1

    75963009c8fa3f45dc91e1b266afb10c6592e71a

  • SHA256

    d8fa3466ff6f11a060ad6dff7e0c9c2e13935236eeafe265be650c7139b0b490

  • SHA512

    c9263342a88243b565e8f4d105b4576c142d5c64f8f7ea09669cae50b521a3c70bcde0f49f9c5fa02f5a4d61e6b072e4352ebf20e2a4a1aa98b7a572b3ac39db

  • SSDEEP

    98304:RwWhXdj89TdS4UvZhCyLvxgYNykcYv5oAVj6yhu4hgjKrlSWqpqo7al5M5+14b3/:WW9F89TdHUOyLvxgNkX1BhbhCKIvAV1M

Score
10/10
spynotebankerdiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

    bankertrojaninfostealerratspynote
  • Spynote payload 1 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.miui.tencent.security
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4527

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.miui.tencent.security/app_ded/hfJ7M2Tg1Eyc8iB6Ob0Dny4FfXrIMXW3.dex
    Filesize

    572KB

    MD5

    723f465939d7ea8f23c82e4c590d8efa

    SHA1

    9e6ff456ef587af71b89fae3e9d05717f77144bc

    SHA256

    38a023f21bb7e4d95c5d100ab63ff3598f5d6dca2bd12c48120150fa18917614

    SHA512

    f2c1538409e357c464b723a56b7f24650a231d34e59f286bd85a1a209129c1662f9ac6d19ad101f9fe16a16fc910602850d0f66f85fb9101cd5dcde1539090c0

    Download Submit