spynote | 6b084c33d39d58735fe4f51de0a891a19e657012d7c68fade967beeeb1d8c7c9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6b084c33d39d58735fe4f51de0a891a19e657012d7c68fade967beeeb1d8c7c9.bin
Size

760KB
Sample

240824-1xl6gasbld
MD5

f55a3475b39afe596c9ad90a3ccb9bfe
SHA1

955f2e932825335cb175acc0c22bcec7ca20f245
SHA256

6b084c33d39d58735fe4f51de0a891a19e657012d7c68fade967beeeb1d8c7c9
SHA512

a49493fd5ba094ab51ccf121040cf812c26d333393cd4609ad013ee3fb356bc5067443be2e2e96d594f0b3e0c9ffc1b2721232da5e0646369adc0b55610975e0
SSDEEP

12288:p46ddQa1a8Ldeu9McGD4Co5WmpYshXZPbGwidNpgu:p4Ra1a6eu7GUCo5WmD9idNp1

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

necessary-screensaver.gl.at.ply.gg:15573

Targets

- Target
  
  6b084c33d39d58735fe4f51de0a891a19e657012d7c68fade967beeeb1d8c7c9.bin
- Size
  
  760KB
- MD5
  
  f55a3475b39afe596c9ad90a3ccb9bfe
- SHA1
  
  955f2e932825335cb175acc0c22bcec7ca20f245
- SHA256
  
  6b084c33d39d58735fe4f51de0a891a19e657012d7c68fade967beeeb1d8c7c9
- SHA512
  
  a49493fd5ba094ab51ccf121040cf812c26d333393cd4609ad013ee3fb356bc5067443be2e2e96d594f0b3e0c9ffc1b2721232da5e0646369adc0b55610975e0
- SSDEEP
  
  12288:p46ddQa1a8Ldeu9McGD4Co5WmpYshXZPbGwidNpgu:p4Ra1a6eu7GUCo5WmD9idNp1
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation