Overview

overview

10

Static

static

6

47bbda0dd6...88.apk

android-9-x86

10

47bbda0dd6...88.apk

android-10-x64

10

47bbda0dd6...88.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    01-11-2024 03:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    47bbda0dd6dec1a07a518519867399c0dfa8696590a15fb7b1351a1578b85588.apk

  • Size

    8.1MB

  • MD5

    6253c5a3deddfec7747f4f6721eb0e28

  • SHA1

    5d64ed1b0437b4ed34d58a2dcc741070fa5a98f2

  • SHA256

    47bbda0dd6dec1a07a518519867399c0dfa8696590a15fb7b1351a1578b85588

  • SHA512

    4869558cb0bf56458388d320968a0621ee4460a65eb8838990782389b2cd693d0fffde0a200085afe8259216c140c739a4f1434cd5d89fd3481401b47ec6fcdb

  • SSDEEP

    196608:DHQ2zW65PyVG9dWvZa4hwH4Fz35UNiy2/hhvLadoa:DT15Py89UZa4hVi2Zxa

Score
10/10
spynotebankercollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

spynote

C2

178.255.218.216:7771

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

    bankertrojaninfostealerratspynote
  • Spynote family
    spynote
  • Spynote payload 1 IoCs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.mumwsmhbo.eiwssbryt
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4577

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.mumwsmhbo.eiwssbryt/app_app_dex/vruljpe.mvf
    Filesize

    3.2MB

    MD5

    1e3ddb4f92749c94b2c28ddf78b41602

    SHA1

    fe6d33cf101a5a8c3d70921b0ab02d10c3b3ec19

    SHA256

    fbe43f610aa5bb662b6e3aa1751478bfcefece484435f3ff5eae974f28ef0330

    SHA512

    d6f7f8c363367f1a9244b958639786e7192ace1a144ca66ce6c8e28d1bc5945ec569b598725b5bd98890452a879da0ce33e44b658e76e2d4bc28d2849456813b

    Download Submit

  • /data/user/0/com.mumwsmhbo.eiwssbryt/app_app_dex/wwjhorh.mvf
    Filesize

    3.8MB

    MD5

    ee8fd7315a816c618dcbc3df0b8d5ba3

    SHA1

    0af1c08562c9415dbfd52f683835a223fa4d290d

    SHA256

    1b7774be7445883b441db78e4190365fa01ee6ccf67ace0904c7105650cae9bd

    SHA512

    ac2d15566368b69311c77ebd56ffa32365553f9e892f297ae080321423e00319c3f44b27a43164b84aad62a04da6a5dcc2187ad2a5e1c3458e6878d2059de40d

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-01.txt
    Filesize

    69B

    MD5

    bb8e8091bf71a9e4c2d4ba79318b4c33

    SHA1

    ab2e0dda25a7925099131956f58d951d55efad99

    SHA256

    f47eb906d4d56022251cbcac00af9c0f882a3552280eb5bb3da19ff548752156

    SHA512

    ba91651a5fd682e1ebfbad060c1ed9ff89b2c9cd66cb7928977779cd6360e20b3abcc57c52c4618d1757627c0d496a7f4dd6e8a02b7e30e658083bd46811a29a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-01.txt
    Filesize

    41B

    MD5

    3c79c5775d0e5ba84393615e52d53e65

    SHA1

    274f8485eb4db0243871b9303be97f312c94068e

    SHA256

    68d87acd090cca171adb6293c32115526c2235a77c9baa734e1d4dcac0c24319

    SHA512

    40a80f7ddfc2d17ba97140ba21e3ae8559652e2b28d9ce5a3f7c3a608f66672c533411131ed453de4cfac825a52169e8e5cfa1976068ebc90a7f187d78a96111

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-01.txt
    Filesize

    41B

    MD5

    027c87b04dd7416ec202148cf32a38b4

    SHA1

    c8932d78520a3314e3bf91cb8fdd7af5fc486fcc

    SHA256

    9260321cfbed6a11dbbf07dae7f60cf66bfff1439f1063c990f414b2e98c81ae

    SHA512

    23394142eacc45c9269de7308a2f711d5f42828c26ed5dc82b7c047299d35ea7754a48a7bf69059343d3a9f4cbf0409c20ab931bb5670af596961e5bff778818

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-01.txt
    Filesize

    41B

    MD5

    9f53765d2e363a8dfe26b799fe1980b3

    SHA1

    fa03f3870652a5bd7071d679b5c1a72ea0afbe66

    SHA256

    bac5cc533a2898168966005cd3ffca62989bbf748e5d7d332cb65dff68ddd715

    SHA512

    3242a177467a7e3509683a9974d454dfd38ddbb73eda18f4b44977b5ec87146b2325d45b5b2d1425bffb743c2a97c62ffd1f1efaa41c440b2b0a755c8a8cac52

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-01.txt
    Filesize

    296B

    MD5

    104a0831729badb1bf450186b6bc648a

    SHA1

    64b16e2c340abbca65dbc0d11edc91bf02afb307

    SHA256

    8b9601a20f5040e0859ae9b44c2d26331b6767cfe4a8615c10d12df19bc83cae

    SHA512

    0f07cc553854241cc00b22b1e2c61d5f72dae8ffe892cdd258388c89e2680d4069d7a5122187ee3422b1e72fe990b3d9aa2913042b9888e9cb0f726eab619926

    Download Submit