General

  • Target

    bfaab3c3577a1d8c8a7decb195ca751eb9b04b3ca1fd020584b36a42f63b5a31.apk

  • Size

    14.3MB

  • Sample

    241003-pnybla1epd

  • MD5

    32622308dc8be3513dd84aa7c3322683

  • SHA1

    84cd39ff45b7ae6b39afc0b1df2f729a0b17505d

  • SHA256

    bfaab3c3577a1d8c8a7decb195ca751eb9b04b3ca1fd020584b36a42f63b5a31

  • SHA512

    7ce9619ff1f44d99f0c32bc35d5e4f0e25d21fa1524782ab224a71b8795c774e0cfaa462d0e5d7cc48547b4bcd6e8fef6c3d7cd1326cc6c47694574908eb35df

  • SSDEEP

    98304:GNK3SK622BLqBkXyM/K62K+Fp18mTndzBfmzFTT0txTWyD35Z:GNK3kLcSV25+zFcxSYP

Targets

    • Target

      bfaab3c3577a1d8c8a7decb195ca751eb9b04b3ca1fd020584b36a42f63b5a31.apk

    Score
    4/10
    • Target

      childapp.apk

    • Size

      7.4MB

    • MD5

      bc57a316c9fc1bdb388f33519a7cd03f

    • SHA1

      939a72bfa653c6df659d0ee17bd378211be9f498

    • SHA256

      edfb578cb4276ecce6a8c7dbf85dc66efbe09e8606be85ce0497945be3ef7f2a

    • SHA512

      4ff6c1eb37a5d9bd3a6c3f78816132ed8bba64ac4498acb641749db7c044cdc038c929c418bda9a5a3acf6ced96e21defecf46b9b6475502e5e8adc13c34fb24

    • SSDEEP

      49152:owojayM/K62jmPJF0kDgzZXbNbGKLP1paRaP0s4ptKff6MiIf6Cp57SKsr5aUVfg:TyM/K62K+Fp18mTndzBfmzFTT0txTt

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.
