spynote | f475d402796298a48d491ad2fcdfb95d48f7cdab293df4c9265d0579d5033ffb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f475d402796298a48d491ad2fcdfb95d48f7cdab293df4c9265d0579d5033ffb.bin
Size

760KB
Sample

241010-11qytsvaqj
MD5

c46352b0768f1f15cb402a2de88e33be
SHA1

a0554d5a7abf299efceb15b91585fd26b0f99581
SHA256

f475d402796298a48d491ad2fcdfb95d48f7cdab293df4c9265d0579d5033ffb
SHA512

de38c7d84b7e54f928fa5da00103558636e0078f47a541e642a91f1420382ac53a7488aeb3d705e7b74f3826af4316e0c1564c7e2c9fc8e01d13505113f77474
SSDEEP

12288:oZYy73a1a8LreyJEmaUrr5WmpYshXZPbGwidNpgXq:oZla1a2eyxaUrr5WmD9idNpt

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

0.tcp.ngrok.io:2255

Targets

- Target
  
  f475d402796298a48d491ad2fcdfb95d48f7cdab293df4c9265d0579d5033ffb.bin
- Size
  
  760KB
- MD5
  
  c46352b0768f1f15cb402a2de88e33be
- SHA1
  
  a0554d5a7abf299efceb15b91585fd26b0f99581
- SHA256
  
  f475d402796298a48d491ad2fcdfb95d48f7cdab293df4c9265d0579d5033ffb
- SHA512
  
  de38c7d84b7e54f928fa5da00103558636e0078f47a541e642a91f1420382ac53a7488aeb3d705e7b74f3826af4316e0c1564c7e2c9fc8e01d13505113f77474
- SSDEEP
  
  12288:oZYy73a1a8LreyJEmaUrr5WmpYshXZPbGwidNpgXq:oZla1a2eyxaUrr5WmD9idNpt
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation