spynote | c19cf001efb893cfb4f3aedb1c4c3771ce8419d3838e1bc399e88a12b583b28c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Android Telegram.apk
Size

3.0MB
Sample

240914-ptf99svapa
MD5

66c4513025128719dda018820cc0987e
SHA1

4dcc2d9ef4921b3eb4e4dc72dd3716520d558102
SHA256

c19cf001efb893cfb4f3aedb1c4c3771ce8419d3838e1bc399e88a12b583b28c
SHA512

dd5ed77e8f110ceafe036adcf673dfb77b46e78d23815abcf25cbe08ad6631bf6c348bdab49ca497ed44c77c1ad0b19425fd8ed44063cb1da8dbe9b84fab49bd
SSDEEP

49152:HYvtHWc3kQdaWWce2fFeeC6K6iZHyqDmLJTsY2424rTOoQE2jvKuAz:Hodz3kQAW3ft9CH79dD2JNvS+

Score

10^/10

spynote android banker discovery evasion infostealer persistence rat trojan

Malware Config

Targets

- Target
  
  Android Telegram.apk
- Size
  
  3.0MB
- MD5
  
  66c4513025128719dda018820cc0987e
- SHA1
  
  4dcc2d9ef4921b3eb4e4dc72dd3716520d558102
- SHA256
  
  c19cf001efb893cfb4f3aedb1c4c3771ce8419d3838e1bc399e88a12b583b28c
- SHA512
  
  dd5ed77e8f110ceafe036adcf673dfb77b46e78d23815abcf25cbe08ad6631bf6c348bdab49ca497ed44c77c1ad0b19425fd8ed44063cb1da8dbe9b84fab49bd
- SSDEEP
  
  49152:HYvtHWc3kQdaWWce2fFeeC6K6iZHyqDmLJTsY2424rTOoQE2jvKuAz:Hodz3kQAW3ft9CH79dD2JNvS+
Score

10^/10

spynote banker discovery evasion infostealer persistence rat trojan
- Spynote
  Spynote is a Remote Access Trojan first seen in 2017.
  banker trojan infostealer rat spynote
- Spynote payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests dangerous framework permissions
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

spynotebankerdiscoveryevasioninfostealerpersistencerattrojan

behavioral3

spynotebankerdiscoveryevasioninfostealerrattrojan