Overview

overview

10

Static

static

10

dcbb56431f...d5.apk

android-9-x86

7

dcbb56431f...d5.apk

android-10-x64

7

dcbb56431f...d5.apk

android-11-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dcbb56431f160fbab1043d07538051b8d89ac24d96baa1dcf6adff012bab82d5.bin

  • Size

    760KB

  • Sample

    241026-1zz54s1ark

  • MD5

    2ed8e0604946741da8ed586836bf0a61

  • SHA1

    1ac616b38bebfe50fa6f8dcdb20b6f6bb98e1ff0

  • SHA256

    dcbb56431f160fbab1043d07538051b8d89ac24d96baa1dcf6adff012bab82d5

  • SHA512

    476734fe37143ca22925bc53690be223de6c89fce733f54421b4789552ac7d1b7197df663efc589739aeb7f20dfe1e1ded55d0ae80928c7f27ef3913a43e7ea3

  • SSDEEP

    12288:CPtIbRWa1a8LdeAr6DatTv5WmpYshXZPbGwidNpg6:CPza1a6eA4atTv5WmD9idNpB

Score
10/10
spynoteandroidbankerdiscoveryevasionpersistence

Malware Config

Extracted

Family

spynote

C2

0.tcp.ngrok.io:14051

Targets

    • Target

      dcbb56431f160fbab1043d07538051b8d89ac24d96baa1dcf6adff012bab82d5.bin

    • Size

      760KB

    • MD5

      2ed8e0604946741da8ed586836bf0a61

    • SHA1

      1ac616b38bebfe50fa6f8dcdb20b6f6bb98e1ff0

    • SHA256

      dcbb56431f160fbab1043d07538051b8d89ac24d96baa1dcf6adff012bab82d5

    • SHA512

      476734fe37143ca22925bc53690be223de6c89fce733f54421b4789552ac7d1b7197df663efc589739aeb7f20dfe1e1ded55d0ae80928c7f27ef3913a43e7ea3

    • SSDEEP

      12288:CPtIbRWa1a8LdeAr6DatTv5WmpYshXZPbGwidNpg6:CPza1a6eA4atTv5WmD9idNpB

    Score
    7/10
    bankerdiscoveryevasionpersistence

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks