spynote | 50a6e55d056a71e2c4727743dd38e3c5d0d1ad9abca32db3b43c9546bd19341a | Triage

Sharing

General

Target

50a6e55d056a71e2c4727743dd38e3c5d0d1ad9abca32db3b43c9546bd19341a.zip
Size

14.6MB
Sample

241106-c4pceatflq
MD5

0ee0fd1549279eebfa63616accb5c6f0
SHA1

b7962c3a23e14019309c3d0ddd20c38cdfdb6dfb
SHA256

50a6e55d056a71e2c4727743dd38e3c5d0d1ad9abca32db3b43c9546bd19341a
SHA512

cae8e7c18065a94fbbe1e5b7baaed36700835a3fefb4d047416cc9bcb76a354565b2f4cb589116762ad09c48367a6c0f69e947b4f87dbabc80747869f26d9552
SSDEEP

393216:+USo++UEBhPQT75d5Zb8RuI1rhMlIPDNQPa0hAcdylFPqC/Dwxd:TdUZ5dTKuMMlILMrjyHPEd

Score

10^/10

spynote android collection credential_access discovery evasion impact persistence

Malware Config

Extracted

Family

spynote

C2

147.185.221.17:5764

Targets

- Target
  
  50a6e55d056a71e2c4727743dd38e3c5d0d1ad9abca32db3b43c9546bd19341a.zip
- Size
  
  14.6MB
- MD5
  
  0ee0fd1549279eebfa63616accb5c6f0
- SHA1
  
  b7962c3a23e14019309c3d0ddd20c38cdfdb6dfb
- SHA256
  
  50a6e55d056a71e2c4727743dd38e3c5d0d1ad9abca32db3b43c9546bd19341a
- SHA512
  
  cae8e7c18065a94fbbe1e5b7baaed36700835a3fefb4d047416cc9bcb76a354565b2f4cb589116762ad09c48367a6c0f69e947b4f87dbabc80747869f26d9552
- SSDEEP
  
  393216:+USo++UEBhPQT75d5Zb8RuI1rhMlIPDNQPa0hAcdylFPqC/Dwxd:TdUZ5dTKuMMlILMrjyHPEd
Score

7^/10

collection credential_access discovery evasion persistence impact
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries the mobile country code (MCC)
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Input Injection

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Input Capture

GUI Input Capture

Keylogging

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionpersistence

behavioral2

collectioncredential_accessdiscoveryevasionimpactpersistence

behavioral3

collectioncredential_accessimpact