Overview

overview

10

Static

static

6

chromesec.apk

android-9-x86

10

chromesec.apk

android-10-x64

10

chromesec.apk

android-11-x64

10

Resubmissions

26-10-2024 12:35

241026-psttzathpc 10

Analysis

  • max time kernel
    149s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    26-10-2024 12:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    chromesec.apk

  • Size

    6.0MB

  • MD5

    63801fb6477e574084e27d67613815a4

  • SHA1

    cc73568fd97024689cd68bdd57c6f3e9a5f10c15

  • SHA256

    b31404188e071efe50919a8e37a4c65176d14c4da92bc1d302b00c97474c6dd2

  • SHA512

    eff9e54f90e4e773ae24c1219858a059aefd5741be3e3d26987f892c24f15e449fbf84b9a27ef81a953fe48248593f5f7328600ef2a5a0bc3af132d068250150

  • SSDEEP

    98304:kAl0tNzBRp0mz0TsRt3BsaLxNH/Mdf2lwZocKEZOzBcsLYNtoBOAo5FWL:iPzzwsBsExE2BtckYNto/x

Score
10/10
spynotebankercollectioncredential_accessevasionexecutioninfostealerpersistencerattrojan

Malware Config

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

    bankertrojaninfostealerratspynote
  • Spynote family
    spynote
  • Spynote payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • commercial.spice.yr
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Schedules tasks to execute at a specified time
    PID:4500

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/commercial.spice.yr/app_DynamicOptDex/eKnwNYO.json
    Filesize

    2.3MB

    MD5

    a1505e4f2ca61a7b924f186a796be47a

    SHA1

    b8f75d4f2fe77b018813f09f06c9bf5fc9f12a16

    SHA256

    9b38804a78e9a18846d5bd79d5255de2b8aad1dd282a5984befdb202d9a62ef3

    SHA512

    54f8b5df396e4bb41e1379d4e93410594be0b8fd3c0548b0c024946eb25719d4af96ef6739091ffec34f764e52611134545ba9f0666148f5900aa173501ddb92

    Download Submit

  • /data/user/0/commercial.spice.yr/app_DynamicOptDex/eKnwNYO.json
    Filesize

    2.3MB

    MD5

    02108f64f4c9accb209dc47db6374cd1

    SHA1

    5b33e40b41cda81ac55c901e0a6178a825d81865

    SHA256

    39f18c7afcef63708fa665fe7b39660bcc998913559787d8f3d22b8d1604c893

    SHA512

    e49d442da58a7a03454fb8022056155fd709bfe98ea55ac7559e687ab4b1e68aca4636c2e4f5eabe6ea9aa4f9efd3ebd20dc2b6f3d1f2b3baf915f3a1b0b7562

    Download Submit

  • /data/user/0/commercial.spice.yr/app_DynamicOptDex/eKnwNYO.json
    Filesize

    5.1MB

    MD5

    cedb61cf84da54f27723d3733ed88acb

    SHA1

    cbbf1eced9488f36bd8336a85d3f4e5c1b62876e

    SHA256

    02c17c2d1f45d6d2532263b9377170c30747a1da7c0a475623a0a4e1af76f28f

    SHA512

    cd59d47f952655775750f4fe6fb68e34d5aa83ce2e61c6c041a92d876369f9e4ae0ea5ebdfe4cc0ceaa12e91ac2654023fb8b8f0d4ec99fa72f7d4d00a7be9f6

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-26.txt
    Filesize

    13B

    MD5

    de2c41a51ee9246eb1708f65b511add0

    SHA1

    2f442d634c8a18760a232c8829d4b5d74a52f074

    SHA256

    ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

    SHA512

    7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-26.txt
    Filesize

    21B

    MD5

    49a46df8628462b2e85c59b785d3ffd9

    SHA1

    e6ad5cab38022c488903fb1475b4fed021070f46

    SHA256

    189e442c77f2e0be8fd8d21c5cbdf79fb3f430e82acb783fa913e6af2dc0f319

    SHA512

    1fdc0457f4f949a8227cc49a7141b170d5db7539b256ca2e7714b0e0fb1c4139e2c8622110372bd539f492a2da1829a0fb0a508cd86bdda6b1df1d91c9ad1b77

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-26.txt
    Filesize

    25B

    MD5

    bdb821a955117250611e94cd23842584

    SHA1

    81edcea1b44f94cfc140710c8410d0696b760c67

    SHA256

    076eb89055ff3d929eb732e1002a0105652e628682a741151388ce1df3b6ec9d

    SHA512

    e52ffed4ee84acc414c530c239c8876d9e99c1f2b2c7626c0ed7fbe0c59b9cb8f8a5e9e983541bea3dfdb849dd3b9593df054c2482ed8bcda7c70ebd960ca268

    Download Submit