spynote | 2512b551758aa82edc38df3cabb050191ba71e27771a85cd9ee27ad7d0d8b531 | Triage

Sharing

General

Target

tool.apk
Size

696KB
Sample

241020-ba8nhs1eqr
MD5

1191a942cc593071da75bd9d551c5fff
SHA1

fd138a0a41eeacebbc43bfd50ae315860e643f15
SHA256

2512b551758aa82edc38df3cabb050191ba71e27771a85cd9ee27ad7d0d8b531
SHA512

48d5dd6040d9e75df86d4b993392d55466f608b4ab9cbc4916f2cd0c08718ecc2c7559175fc1188d774fc614ae035df7d0f6404f64328576310e231f9451adcb
SSDEEP

12288:gJ/WU5GyF7rF/igUDXU4FMGDPK+dnHLsdgObAusT3cgtN0F7WA6Rq21YgWOtWDaO:gdD7rpQD3HxHLYdbAHT3SF7WAGNtSaO

Score

10^/10

spynote android collection credential_access discovery evasion impact persistence

Malware Config

Extracted

Family

spynote

C2

call-flip.gl.at.ply.gg:4411

Targets

- Target
  
  tool.apk
- Size
  
  696KB
- MD5
  
  1191a942cc593071da75bd9d551c5fff
- SHA1
  
  fd138a0a41eeacebbc43bfd50ae315860e643f15
- SHA256
  
  2512b551758aa82edc38df3cabb050191ba71e27771a85cd9ee27ad7d0d8b531
- SHA512
  
  48d5dd6040d9e75df86d4b993392d55466f608b4ab9cbc4916f2cd0c08718ecc2c7559175fc1188d774fc614ae035df7d0f6404f64328576310e231f9451adcb
- SSDEEP
  
  12288:gJ/WU5GyF7rF/igUDXU4FMGDPK+dnHLsdgObAusT3cgtN0F7WA6Rq21YgWOtWDaO:gdD7rpQD3HxHLYdbAHT3SF7WAGNtSaO
Score

7^/10

collection credential_access discovery evasion persistence impact
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries the mobile country code (MCC)
  discovery
- Requests enabling of the accessibility settings.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Impair Defenses

Prevent Application Removal

Input Injection

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Input Capture

GUI Input Capture

Keylogging

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionpersistence

behavioral2

collectioncredential_accessdiscoveryevasionimpactpersistence

behavioral3

collectioncredential_accessevasionimpact