spynote | 6b8ee2a88891bdecf5b7a51409aaef8a2624032bf5eb8921db2151bfcbd9a966 | Triage

Sharing

General

Target

testtttttttt.apk
Size

4.4MB
Sample

241020-t3rjtazgkm
MD5

899aa184008baf3bae009a379b9f5e76
SHA1

9d3a5af224fa97dd0af90c9487108961c84a9642
SHA256

6b8ee2a88891bdecf5b7a51409aaef8a2624032bf5eb8921db2151bfcbd9a966
SHA512

07bfa8a8aa7bb570f1148343f343a4b1cd21a3dc50523e77b461a090fca1efa48ab89cd4c645636ad63eb431450209043fd15217acd891c5f3609593e43ad619
SSDEEP

98304:5WaanhZsiAu+F7YNbTRXmmzQzBNTK0tIUd4w8:vahZsmKs1TRBzipbd6

Score

10^/10

spynote android banker collection credential_access discovery evasion execution persistence

Malware Config

Targets

- Target
  
  testtttttttt.apk
- Size
  
  4.4MB
- MD5
  
  899aa184008baf3bae009a379b9f5e76
- SHA1
  
  9d3a5af224fa97dd0af90c9487108961c84a9642
- SHA256
  
  6b8ee2a88891bdecf5b7a51409aaef8a2624032bf5eb8921db2151bfcbd9a966
- SHA512
  
  07bfa8a8aa7bb570f1148343f343a4b1cd21a3dc50523e77b461a090fca1efa48ab89cd4c645636ad63eb431450209043fd15217acd891c5f3609593e43ad619
- SSDEEP
  
  98304:5WaanhZsiAu+F7YNbTRXmmzQzBNTK0tIUd4w8:vahZsmKs1TRBzipbd6
Score

7^/10

banker collection credential_access discovery evasion execution persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Requests enabling of the accessibility settings.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Impair Defenses

Prevent Application Removal

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral2

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral3

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral4

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence