General

  • Target

    e656b5933368d7d4e24c64956d57a323c46c76007aa7bb4c400771aa06808c7d.apk

  • Size

    6.7MB

  • Sample

    240526-blzjzshd81

  • MD5

    bb0e0ea5657236c79d69b5d6b8fe2d9e

  • SHA1

    93a22d9955879a6d622c0ee0380334e2cc6ea4ac

  • SHA256

    e656b5933368d7d4e24c64956d57a323c46c76007aa7bb4c400771aa06808c7d

  • SHA512

    670da8e1a7dae816afdceb10968c98aad6c8bc6ee2c9c205ac1340186d70cb9643313839653dbc1c64b3b65660b7bea5931a2a7fff0d2f798aeb9cefc40a04f9

  • SSDEEP

    196608:+XYjJegABMCtOZ6xFily9ff8JAJF1R7hE0uTzZh1W:+Yj0lBtt2ofpZdhEXvM

Malware Config

Targets

    • Target

      e656b5933368d7d4e24c64956d57a323c46c76007aa7bb4c400771aa06808c7d.apk

    • Size

      6.7MB

    • MD5

      bb0e0ea5657236c79d69b5d6b8fe2d9e

    • SHA1

      93a22d9955879a6d622c0ee0380334e2cc6ea4ac

    • SHA256

      e656b5933368d7d4e24c64956d57a323c46c76007aa7bb4c400771aa06808c7d

    • SHA512

      670da8e1a7dae816afdceb10968c98aad6c8bc6ee2c9c205ac1340186d70cb9643313839653dbc1c64b3b65660b7bea5931a2a7fff0d2f798aeb9cefc40a04f9

    • SSDEEP

      196608:+XYjJegABMCtOZ6xFily9ff8JAJF1R7hE0uTzZh1W:+Yj0lBtt2ofpZdhEXvM

    • Score

      1/10

    • Target

      childapp.apk

    • Size

      4.8MB

    • MD5

      92df3770e6426013880eb177389f27f3

    • SHA1

      75963009c8fa3f45dc91e1b266afb10c6592e71a

    • SHA256

      d8fa3466ff6f11a060ad6dff7e0c9c2e13935236eeafe265be650c7139b0b490

    • SHA512

      c9263342a88243b565e8f4d105b4576c142d5c64f8f7ea09669cae50b521a3c70bcde0f49f9c5fa02f5a4d61e6b072e4352ebf20e2a4a1aa98b7a572b3ac39db

    • SSDEEP

      98304:RwWhXdj89TdS4UvZhCyLvxgYNykcYv5oAVj6yhu4hgjKrlSWqpqo7al5M5+14b3/:WW9F89TdHUOyLvxgNkX1BhbhCKIvAV1M

    • Spynote

      Spynote is a Remote Access Trojan first seen in 2017.

    • Spynote payload

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK Matrix

Tasks