spynote | 39b2ae5434f9bf512812c6edd72da519bab87df26c1d362a9ae43f0dc03f8acd | Triage

Sharing

General

Target

39b2ae5434f9bf512812c6edd72da519bab87df26c1d362a9ae43f0dc03f8acd.zip
Size

8.3MB
Sample

241106-cxcd9sslhy
MD5

7a509ad6d59484eb22f9f85e69c6f80a
SHA1

c3f939980bac1c6a18fbf0865487c84cc1355243
SHA256

39b2ae5434f9bf512812c6edd72da519bab87df26c1d362a9ae43f0dc03f8acd
SHA512

5006de6ae510937a6aa9fa21b521a22b321650e62fd52be3a0d06d8999d1988537267ef5d2d3a541fd59da2177dad601f1f2bdcb41adafa251c9109eda848a30
SSDEEP

98304:qSm06K62EwWs85P9iSh3QA+2RB5jK4zBumz+Td0tYy:o0dTp9gtzeSYy

Score

10^/10

spynote android banker collection credential_access discovery evasion execution persistence

Malware Config

Targets

- Target
  
  39b2ae5434f9bf512812c6edd72da519bab87df26c1d362a9ae43f0dc03f8acd.zip
- Size
  
  8.3MB
- MD5
  
  7a509ad6d59484eb22f9f85e69c6f80a
- SHA1
  
  c3f939980bac1c6a18fbf0865487c84cc1355243
- SHA256
  
  39b2ae5434f9bf512812c6edd72da519bab87df26c1d362a9ae43f0dc03f8acd
- SHA512
  
  5006de6ae510937a6aa9fa21b521a22b321650e62fd52be3a0d06d8999d1988537267ef5d2d3a541fd59da2177dad601f1f2bdcb41adafa251c9109eda848a30
- SSDEEP
  
  98304:qSm06K62EwWs85P9iSh3QA+2RB5jK4zBumz+Td0tYy:o0dTp9gtzeSYy
Score

7^/10

banker collection credential_access discovery evasion execution persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence