spynote | 15252dab0ea1545375e816146a323e001c0f1284ebe404ccf24cc58721707adc | Triage

Sharing

General

Target

15252dab0ea1545375e816146a323e001c0f1284ebe404ccf24cc58721707adc.bin
Size

760KB
Sample

241006-124lbaydmr
MD5

230986f6152a3b0a898bca6869847d98
SHA1

0922174d3244baf0181e905e1c22216f86415ec0
SHA256

15252dab0ea1545375e816146a323e001c0f1284ebe404ccf24cc58721707adc
SHA512

3228f3ca94e2addb1242c616ce3d7c6276df184744a446be32051f26b98c234b80c899b3bd32d05d1055934135bdfb84a24e96e11f89d22e1eb41c9e8c385368
SSDEEP

12288:tPV6sa1a8Ldej9X0x27AKY5WmpYshXZPbGwidNpgt:tPfa1a6ejix8AKY5WmD9idNpK

Score

10^/10

spynote android banker discovery evasion persistence

Malware Config

Extracted

Family

spynote

C2

advertising-evil.gl.at.ply.gg:7463

Targets

- Target
  
  15252dab0ea1545375e816146a323e001c0f1284ebe404ccf24cc58721707adc.bin
- Size
  
  760KB
- MD5
  
  230986f6152a3b0a898bca6869847d98
- SHA1
  
  0922174d3244baf0181e905e1c22216f86415ec0
- SHA256
  
  15252dab0ea1545375e816146a323e001c0f1284ebe404ccf24cc58721707adc
- SHA512
  
  3228f3ca94e2addb1242c616ce3d7c6276df184744a446be32051f26b98c234b80c899b3bd32d05d1055934135bdfb84a24e96e11f89d22e1eb41c9e8c385368
- SSDEEP
  
  12288:tPV6sa1a8Ldej9X0x27AKY5WmpYshXZPbGwidNpgt:tPfa1a6ejix8AKY5WmD9idNpK
Score

7^/10

banker discovery evasion persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdiscoveryevasionpersistence

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionpersistence