General

  • Target

    8af37a30c229047f278a5f1ded870d5cade38cc96bc86563226cc609629500f9.bin

  • Size

    760KB

  • Sample

    241004-1xhs2sydkm

  • MD5

    bf69443b5da2453eec28f139eccf0dd1

  • SHA1

    89bc69676342a8ed80979c3d09967e2a422ae44c

  • SHA256

    8af37a30c229047f278a5f1ded870d5cade38cc96bc86563226cc609629500f9

  • SHA512

    1590f8685bc7735b367a7bb11f1ca343cc04211b0ffeb19e4142754bff5495081cf3fa26a52323e4884da8b6aecdd8f19cbfc0ab88520ecc075e7a9684c9e5a1

  • SSDEEP

    12288:A2XQhTa1a8LrePcoMN47hV35WmpYshXZPbGwidNpgD:A2AVa1a2ePSNChV35WmD9idNp8

Malware Config

Extracted

Family

spynote

C2

192.168.43.41:4444

Note: 192.168.43.41 is RFC 1918 private address space (the subnet Android assigns to Wi-Fi hotspot tethering clients), so this C2 is only reachable on the operator's own local network. That points to a test or lab build of the SpyNote client rather than a live campaign, and the address is not usable as a perimeter block or NetFlow indicator; the file hashes above remain the actionable IOCs.
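As an added example, not code from the sandbox report or from the SpyNote sample itself: a small Python script that recomputes the four digests listed above for a local copy of the sample, compares them to the report values, and classifies the extracted C2 address as private or routable. The command-line file argument, the function names and the IPv4 host:port assumption for the C2 string are mine; the hash values and the C2 are copied from the report.

```python
import hashlib
import ipaddress
import sys

# Digests copied from the report above; a local copy of the sample is compared against these.
REPORT_HASHES = {
    "md5": "bf69443b5da2453eec28f139eccf0dd1",
    "sha1": "89bc69676342a8ed80979c3d09967e2a422ae44c",
    "sha256": "8af37a30c229047f278a5f1ded870d5cade38cc96bc86563226cc609629500f9",
    "sha512": "1590f8685bc7735b367a7bb11f1ca343cc04211b0ffeb19e4142754bff5495081cf3fa26a52323e4884da8b6aecdd8f19cbfc0ab88520ecc075e7a9684c9e5a1",
}
REPORT_C2 = "192.168.43.41:4444"  # extracted SpyNote C2 from the report

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk. The file is read once in chunks so a large
    sample need not fit in memory; all four hash objects are fed from each chunk."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def compare_hashes(computed: dict, expected: dict) -> dict:
    """Per-algorithm match flags. Hex case is ignored, and an algorithm missing
    from `computed` counts as a mismatch instead of raising."""
    return {
        name: computed.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def classify_c2(c2: str) -> dict:
    """Split a host:port C2 string (IPv4 host assumed, as in this report) and say
    whether the host is private / non-global, i.e. not a usable perimeter indicator."""
    host, _, port = c2.rpartition(":")
    addr = ipaddress.ip_address(host)
    return {
        "host": host,
        "port": int(port),
        "private": addr.is_private,
        "routable": addr.is_global,
    }


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <sample.bin>")
        return 2
    results = compare_hashes(hash_file(argv[1]), REPORT_HASHES)
    for name, ok in results.items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}")
    c2 = classify_c2(REPORT_C2)
    scope = "private/non-routable" if c2["private"] else "routable"
    print(f"C2 {c2['host']}:{c2['port']} is {scope}")
    return 0 if all(results.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python verify_sample.py 8af37a30c229047f278a5f1ded870d5cade38cc96bc86563226cc609629500f9.bin`; a non-zero exit means at least one digest differs from the report, which is the check to make before trusting any of the extracted configuration for the copy you actually hold. SSDEEP is deliberately left out because it needs the external ssdeep library and is a similarity measure, not an identity check.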

Targets

    • Target

      8af37a30c229047f278a5f1ded870d5cade38cc96bc86563226cc609629500f9.bin

    • Queries the list of all installed applications on the device (commonly used to pick legitimate apps to overlay with fake login screens)

    • Makes use of the framework's foreground persistence service

      The application may abuse Android's foreground service API (a service started with a persistent notification) so that the OS keeps it running instead of killing it when the user leaves the app or memory is low.

MITRE ATT&CK Mobile v15

Tasks