General

  • Target

    client.apk

  • Size

    760KB

  • Sample

    241010-3kxgsaxgln

  • MD5

    66270fc1ebaff194ac4d0b327d8455fb

  • SHA1

    393fb7b7e929a3cc606b4567442d3675cea3c134

  • SHA256

    56cf855e8c2df6954e1450f72675e3fc4db220528300246b0d13d1c0e130c095

  • SHA512

    a7531fee017032f27a9d19af8790013f24910037a960d5a63c8e86fefcdfb9aad3087c3e408e8ac83b93d7fc507a63378589642c2941e63a15352d9a9a6207e4

  • SSDEEP

    12288:dmfGF0a1a8LrePvDPD48+5WmpYshXZPbGwidNpgu:dga1a2ePTD48+5WmD9idNpl
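
Before acting on the indicators above, a practitioner will want to confirm that the file in hand is the same sample the report describes. The following is an added example (not code from the sandbox or from the page) that computes all four cryptographic digests of a file in a single pass and compares them with the values reported here; the `REPORTED` table is copied from the page. SSDEEP is a context-triggered piecewise hash and is not available in the Python standard library, so it is deliberately left out rather than approximated.

```python
import hashlib
from typing import Dict, Iterable, Optional

# Digests of client.apk as reported on this page.
REPORTED: Dict[str, str] = {
    "md5": "66270fc1ebaff194ac4d0b327d8455fb",
    "sha1": "393fb7b7e929a3cc606b4567442d3675cea3c134",
    "sha256": "56cf855e8c2df6954e1450f72675e3fc4db220528300246b0d13d1c0e130c095",
    "sha512": (
        "a7531fee017032f27a9d19af8790013f24910037a960d5a63c8e86fefcdfb9aa"
        "d3087c3e408e8ac83b93d7fc507a63378589642c2941e63a15352d9a9a6207e4"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all hashers once, so a large APK is read only one time."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    return digest_chunks([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return digest_chunks(chunks())


def compare(computed: Dict[str, str], reported: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match table; hex digests are compared case-insensitively."""
    return {
        name: computed.get(name, "").lower() == value.lower()
        for name, value in reported.items()
    }


def verdict(matches: Dict[str, bool]) -> str:
    """'match' only if every reported digest agrees; one disagreement is enough to reject."""
    if not matches:
        return "incomplete"
    return "match" if all(matches.values()) else "mismatch"


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py client.apk
    result = compare(digest_file(sys.argv[1]), REPORTED)
    for name, ok in result.items():
        print(f"{name:6s} {'OK' if ok else 'MISMATCH'}")
    print(verdict(result))
```

A single disagreeing digest means the file is not the reported sample (or the report was transcribed wrongly); do not treat an MD5-only match as sufficient, since MD5 collisions are practical.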

Malware Config

Extracted

Family

spynote

C2

Ezling-25441.portmap.host:25441
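
The C2 above is a `portmap.host` name, a port-forwarding service that lets an operator expose a server behind NAT under a throwaway hostname; the reported port (25441) is also embedded in the hostname label. The block below is an added detection example, not part of the sandbox report: it scans DNS-query and connection log lines for the exact C2 and, at lower confidence, for any `<label>-<port>.portmap.host` name of the same shape. The log format (whitespace-separated `key=value` fields) and the log lines, including the 192.0.2.10 destination, are constructed for this example; the inference that the label's trailing number is the forwarded port is an assumption drawn from the reported C2, which is why such hits are rated medium rather than high.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

C2_HOST = "Ezling-25441.portmap.host"   # from the report
C2_PORT = 25441                         # from the report

# Broader, lower-confidence pattern: any portmap.host name whose label ends in a port.
# ASSUMPTION for this example: the trailing number names the forwarded port.
PORTMAP_RE = re.compile(r"^(?P<label>[a-z0-9-]+?)-(?P<port>\d{2,5})\.portmap\.host$", re.I)

# Constructed sample log, not captured traffic from the sample.
SAMPLE_LOG = """\
2024-10-10T03:12:44Z type=dns src=10.0.0.23 query=ezling-25441.portmap.host.
2024-10-10T03:12:44Z type=conn src=10.0.0.23 dst=192.0.2.10 dport=25441 proto=tcp sni=ezling-25441.portmap.host
2024-10-10T03:13:01Z type=dns src=10.0.0.41 query=www.example.com.
2024-10-10T03:15:09Z type=dns src=10.0.0.77 query=other-8443.portmap.host.
"""


@dataclass
class Hit:
    line_no: int
    confidence: str   # "high" for the exact reported C2, "medium" for the generic pattern
    host: str
    reason: str


def parse_kv(line: str) -> Dict[str, str]:
    """Split 'key=value' tokens; tokens without '=' (the timestamp) are ignored."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def scan(lines: List[str]) -> List[Hit]:
    hits: List[Hit] = []
    for line_no, line in enumerate(lines, start=1):
        fields = parse_kv(line)
        # A DNS query name or a TLS SNI both identify the contacted host; strip the trailing dot.
        host = (fields.get("query") or fields.get("sni") or "").lower().rstrip(".")
        if not host:
            continue
        if host == C2_HOST.lower():
            reason = "exact match for reported SpyNote C2"
            if fields.get("dport") and fields["dport"] != str(C2_PORT):
                reason += f" (unexpected port {fields['dport']})"
            hits.append(Hit(line_no, "high", host, reason))
            continue
        m = PORTMAP_RE.match(host)
        if m:
            reason = f"portmap.host forward (label port {m['port']})"
            dport = fields.get("dport")
            if dport and dport != m["port"]:
                reason += f", connection port {dport} differs"
            hits.append(Hit(line_no, "medium", host, reason))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(f"line {hit.line_no}: [{hit.confidence}] {hit.host}: {hit.reason}")
```

Treat the medium-confidence pattern as a hunting lead, not a block rule: `portmap.host` has legitimate users, so a hit should be triaged alongside the endpoint's other behaviour (for example the device-administrator or accessibility prompts listed under Targets) before blocking.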

Targets

    • Target

      client.apk

    • Size

      760KB

    • MD5

      66270fc1ebaff194ac4d0b327d8455fb

    • SHA1

      393fb7b7e929a3cc606b4567442d3675cea3c134

    • SHA256

      56cf855e8c2df6954e1450f72675e3fc4db220528300246b0d13d1c0e130c095

    • SHA512

      a7531fee017032f27a9d19af8790013f24910037a960d5a63c8e86fefcdfb9aad3087c3e408e8ac83b93d7fc507a63378589642c2941e63a15352d9a9a6207e4

    • SSDEEP

      12288:dmfGF0a1a8LrePvDPD48+5WmpYshXZPbGwidNpgu:dga1a2ePTD48+5WmD9idNpl

    • Queries the list of all applications installed on the device (may be used to pick legitimate apps to overlay with phishing screens).

    • Uses the framework's foreground service for persistence

      The application may abuse an Android foreground service to keep itself running as a foreground process and avoid being killed by the system.

    • Requests that the user enable accessibility settings for the app (an accessibility service).

    • Tries to register itself as a device administrator.
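
The four behaviours above each leave a footprint in the APK's `AndroidManifest.xml`, so they can be checked statically before the sample is ever run. The block below is an added triage example, not the sandbox's own signature logic and not the real manifest of `client.apk`: the `SAMPLE_MANIFEST` is constructed to exercise every check. It assumes the manifest has already been decoded from Android's binary XML into text (for example with apktool or androguard), and the finding names are this example's own.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS   # ElementTree's Clark notation for android:* attributes

PERM_QUERY_ALL = "android.permission.QUERY_ALL_PACKAGES"
PERM_FOREGROUND = "android.permission.FOREGROUND_SERVICE"
PERM_OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
PERM_BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
PERM_BIND_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

# Constructed manifest for this example; NOT the manifest of the reported sample.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.client">
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".RemoteService" android:foregroundServiceType="dataSync"/>
    <service android:name=".AccService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
  </application>
</manifest>
"""


def triage(manifest_xml: str) -> Dict[str, List[str]]:
    """Map each suspicious capability to the manifest entries that declare it."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    findings: Dict[str, List[str]] = {}

    # Installed-app enumeration. Caveat: QUERY_ALL_PACKAGES is only required from
    # API 30 (Android 11); older targets can enumerate packages without it.
    if PERM_QUERY_ALL in perms:
        findings["installed_app_enumeration"] = [PERM_QUERY_ALL]

    # Overlay capability, the usual companion of app enumeration.
    if PERM_OVERLAY in perms:
        findings["overlay_permission"] = [PERM_OVERLAY]

    # Foreground service persistence: the permission plus any service declaring a type.
    fg_services = [s.get(A + "name") for s in root.iter("service")
                   if s.get(A + "foregroundServiceType")]
    if PERM_FOREGROUND in perms or fg_services:
        findings["foreground_service"] = fg_services or [PERM_FOREGROUND]

    # An accessibility service must be guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y = [s.get(A + "name") for s in root.iter("service")
            if s.get(A + "permission") == PERM_BIND_A11Y]
    if a11y:
        findings["accessibility_service"] = a11y

    # A device-admin receiver must be guarded by BIND_DEVICE_ADMIN.
    admin = [r.get(A + "name") for r in root.iter("receiver")
             if r.get(A + "permission") == PERM_BIND_ADMIN]
    if admin:
        findings["device_admin"] = admin

    return findings


def risk_score(findings: Dict[str, List[str]]) -> int:
    """Crude count of distinct capabilities; accessibility and device admin weigh double."""
    heavy = {"accessibility_service", "device_admin"}
    return sum(2 if k in heavy else 1 for k in findings)


if __name__ == "__main__":
    result = triage(SAMPLE_MANIFEST)
    for capability, entries in result.items():
        print(f"{capability}: {', '.join(entries)}")
    print("score:", risk_score(result))
```

None of these declarations is malicious on its own (launchers enumerate apps, music players run foreground services, password managers ship accessibility services), but an app that declares all of them while talking to a port-forwarding C2 is the combination the sandbox flags.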

MITRE ATT&CK Mobile v15

Tasks