General

  • Target

    c6be3d9ea270416e2809852d20b891bba25df9605702ed3a095c96f479307585.bin

  • Size

    760KB

  • Sample

    240810-2z5w2asfmn

  • MD5

    b4788215e0b732e4adebd9f247006c3d

  • SHA1

    1260d2bdb34bfe6a390880be2215c73fe2285189

  • SHA256

    c6be3d9ea270416e2809852d20b891bba25df9605702ed3a095c96f479307585

  • SHA512

    279b4fe1497334aca38ca1536aa93e6071bd76fe688e68368f4f13280acbeee0c107320cd0e027c4eb027c76823c6bfe91f94abd647b359db812341ba29ef317

  • SSDEEP

    12288:YA6M3iea1a8LremvYb8S7ylZ5WmpYshXZPbGwidNpg89:YEpa1a2emS8IylZ5WmD9idNpf

Malware Config (extracted)

  • Family

    spynote

  • C2

    mhkemo.zapto.org:4444

Targets

    • Target

      c6be3d9ea270416e2809852d20b891bba25df9605702ed3a095c96f479307585.bin

    • Size

      760KB

    • MD5

      b4788215e0b732e4adebd9f247006c3d

    • SHA1

      1260d2bdb34bfe6a390880be2215c73fe2285189

    • SHA256

      c6be3d9ea270416e2809852d20b891bba25df9605702ed3a095c96f479307585

    • SHA512

      279b4fe1497334aca38ca1536aa93e6071bd76fe688e68368f4f13280acbeee0c107320cd0e027c4eb027c76823c6bfe91f94abd647b359db812341ba29ef317

    • SSDEEP

      12288:YA6M3iea1a8LremvYb8S7ylZ5WmpYshXZPbGwidNpg89:YEpa1a2emS8IylZ5WmD9idNpf

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks