spynote | b31404188e071efe50919a8e37a4c65176d14c4da92bc1d302b00c97474c6dd2 | Triage

Resubmissions

26-10-2024 12:35

241026-psttzathpc 10

Sharing

General

Target

chromesec.apk
Size

6.0MB
Sample

241026-psttzathpc
MD5

63801fb6477e574084e27d67613815a4
SHA1

cc73568fd97024689cd68bdd57c6f3e9a5f10c15
SHA256

b31404188e071efe50919a8e37a4c65176d14c4da92bc1d302b00c97474c6dd2
SHA512

eff9e54f90e4e773ae24c1219858a059aefd5741be3e3d26987f892c24f15e449fbf84b9a27ef81a953fe48248593f5f7328600ef2a5a0bc3af132d068250150
SSDEEP

98304:kAl0tNzBRp0mz0TsRt3BsaLxNH/Mdf2lwZocKEZOzBcsLYNtoBOAo5FWL:iPzzwsBsExE2BtckYNto/x

Score

10^/10

spynote android banker collection credential_access evasion execution infostealer persistence rat trojan

Malware Config

Targets

- Target
  
  chromesec.apk
- Size
  
  6.0MB
- MD5
  
  63801fb6477e574084e27d67613815a4
- SHA1
  
  cc73568fd97024689cd68bdd57c6f3e9a5f10c15
- SHA256
  
  b31404188e071efe50919a8e37a4c65176d14c4da92bc1d302b00c97474c6dd2
- SHA512
  
  eff9e54f90e4e773ae24c1219858a059aefd5741be3e3d26987f892c24f15e449fbf84b9a27ef81a953fe48248593f5f7328600ef2a5a0bc3af132d068250150
- SSDEEP
  
  98304:kAl0tNzBRp0mz0TsRt3BsaLxNH/Mdf2lwZocKEZOzBcsLYNtoBOAo5FWL:iPzzwsBsExE2BtckYNto/x
Score

10^/10

spynote banker collection credential_access evasion execution infostealer persistence rat trojan
- Spynote
  Spynote is a Remote Access Trojan first seen in 2017.
  banker trojan infostealer rat spynote
- Spynote family
  spynote
- Spynote payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

spynotebankercollectioncredential_accessevasionexecutioninfostealerpersistencerattrojan

behavioral2

spynotebankercollectioncredential_accessevasionexecutioninfostealerpersistencerattrojan

behavioral3

spynotebankercollectioncredential_accessevasionexecutioninfostealerpersistencerattrojan