Overview

overview

10

Static

static

10

8d936e368b...d0.apk

android-9-x86

7

8d936e368b...d0.apk

android-10-x64

7

8d936e368b...d0.apk

android-11-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8d936e368b1da97187dc1b0868255b4613bde9a4ae116870ff3145e4d7b04bd0.bin

  • Size

    760KB

  • Sample

    241002-1yf1vasgrb

  • MD5

    c7f64e7fc1724c44e681137f32cb6c79

  • SHA1

    c016dd6f1ab4ac4284ce8a562f3a660171c9baf4

  • SHA256

    8d936e368b1da97187dc1b0868255b4613bde9a4ae116870ff3145e4d7b04bd0

  • SHA512

    0264e993baac01361407859925c9bbf2f3ee205ad76b4ea748a6e5b42a3e4e89a31757a567e474f7efc9d1aca86784c50885a2bfe4e3a85d2d5e4b3204bfd821

  • SSDEEP

    12288:1PvB6JojBZvvTrQ7P7PXkYu5WmpYshXZPbGwidNpgvT:1P5XBZv/Q7LXkYu5WmD9idNpYT

Score
10/10
spynoteandroidbankerdiscoveryevasionpersistence

Malware Config

Extracted

Family

spynote

C2

darkhack.ddns.net:7491

Targets

    • Target

      8d936e368b1da97187dc1b0868255b4613bde9a4ae116870ff3145e4d7b04bd0.bin

    • Size

      760KB

    • MD5

      c7f64e7fc1724c44e681137f32cb6c79

    • SHA1

      c016dd6f1ab4ac4284ce8a562f3a660171c9baf4

    • SHA256

      8d936e368b1da97187dc1b0868255b4613bde9a4ae116870ff3145e4d7b04bd0

    • SHA512

      0264e993baac01361407859925c9bbf2f3ee205ad76b4ea748a6e5b42a3e4e89a31757a567e474f7efc9d1aca86784c50885a2bfe4e3a85d2d5e4b3204bfd821

    • SSDEEP

      12288:1PvB6JojBZvvTrQ7P7PXkYu5WmpYshXZPbGwidNpgvT:1P5XBZv/Q7LXkYu5WmD9idNpYT

    Score
    7/10
    bankerdiscoveryevasionpersistence

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks