Overview

overview

10

Static

static

6

8afc8b1d6f...b1.apk

android-9-x86

10

8afc8b1d6f...b1.apk

android-10-x64

10

8afc8b1d6f...b1.apk

android-11-x64

10

Analysis

  • max time kernel
    178s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
  • submitted
    26-05-2024 07:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8afc8b1d6f9c36304475b04b97bf404b789a3994f5f1aea6c480497e8b2f8ab1.apk

  • Size

    4.8MB

  • MD5

    3f59e1ea2c222a211f5643e50a256875

  • SHA1

    2f68a1f887edf0535d62a1e05bf02976d645cb76

  • SHA256

    8afc8b1d6f9c36304475b04b97bf404b789a3994f5f1aea6c480497e8b2f8ab1

  • SHA512

    d9e3acc8c5073fd2ec89c5f974465e0f7fdbcf4d5ea101e9ba64199c807ad7110ed4cd9c1142d9cff025565fb1bfb788190b13cce131105ea9f17ed21acdc053

  • SSDEEP

    98304:QKpHnqE7ztN2SChf3AODU3ZiMrdH12Hu6EU2rv6S3LaP44FRix4Ovw7Qyb3tE:QKNqE9QSChvAODg5dVB6EU297OFRiKfI

Score
10/10
spynotebankerdiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

    bankertrojaninfostealerratspynote
  • Spynote payload 1 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.miui.tencent.security
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4616

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.miui.tencent.security/app_ded/Jpml9cAw3b91P2zXPufIdGv8yRCgNEXQ.dex
    Filesize

    572KB

    MD5

    723f465939d7ea8f23c82e4c590d8efa

    SHA1

    9e6ff456ef587af71b89fae3e9d05717f77144bc

    SHA256

    38a023f21bb7e4d95c5d100ab63ff3598f5d6dca2bd12c48120150fa18917614

    SHA512

    f2c1538409e357c464b723a56b7f24650a231d34e59f286bd85a1a209129c1662f9ac6d19ad101f9fe16a16fc910602850d0f66f85fb9101cd5dcde1539090c0

    Download Submit