spynote | 5662fdb0a11ab5aaf32c0e920d8690a03a8b259af1fc8775495a4739c3572e2b | Triage

Sharing

General

Target

EvilRAT.apk
Size

4.7MB
Sample

241023-n6xmcayfjd
MD5

8e2d9680d83d88a4f54ca1f83e39911a
SHA1

0cf2ad380a8fcd4a715f142dfd1f8571c34d8308
SHA256

5662fdb0a11ab5aaf32c0e920d8690a03a8b259af1fc8775495a4739c3572e2b
SHA512

c8436a0448396f170457de2d78b6b0cd031b2ae2471995b67b1701e5883765f8390664394072e81859327407aa90d479947ce8d4694bda5c0781663d5262a5bd
SSDEEP

98304:hNn8qr+ELiDzJHQv9B194wnyl8mzzazBUTb0t6M3Dh:gq6EOD9Qv9b9rnerzzFEFN

Score

10^/10

spynote android collection credential_access evasion execution persistence

Malware Config

Targets

- Target
  
  EvilRAT.apk
- Size
  
  4.7MB
- MD5
  
  8e2d9680d83d88a4f54ca1f83e39911a
- SHA1
  
  0cf2ad380a8fcd4a715f142dfd1f8571c34d8308
- SHA256
  
  5662fdb0a11ab5aaf32c0e920d8690a03a8b259af1fc8775495a4739c3572e2b
- SHA512
  
  c8436a0448396f170457de2d78b6b0cd031b2ae2471995b67b1701e5883765f8390664394072e81859327407aa90d479947ce8d4694bda5c0781663d5262a5bd
- SSDEEP
  
  98304:hNn8qr+ELiDzJHQv9B194wnyl8mzzazBUTb0t6M3Dh:gq6EOD9Qv9b9rnerzzFEFN
Score

7^/10

collection credential_access evasion execution persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Requests enabling of the accessibility settings.
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessevasionexecutionpersistence