General

  • Target

    33066bfb04c8edd75de98004eba14762823977de63145db399de57c2166d1406.zip

  • Size

    12.9MB

  • Sample

    241106-cyfhbatale

  • MD5

    6302ecdac4d5bc87ba4adb70a9b377cc

  • SHA1

    d1cede3fb707c565b5360da2bfc8ce6d330f96c6

  • SHA256

    33066bfb04c8edd75de98004eba14762823977de63145db399de57c2166d1406

  • SHA512

    12a8a9fd8808022bc3e646412246de19764d79dd282de29fbc54df02ff94d8070ba212f9a92d0cc1f292deba333b51cf31da81b5c69853c47e24723842134883

  • SSDEEP

    196608:0xSLBQc/3zX68vAjC/Pu5z8MBi5nA3wGS+0LPmZ8:0saiD1H2ls5newGwLeZ8

Targets

    • Target

      33066bfb04c8edd75de98004eba14762823977de63145db399de57c2166d1406.zip

    • Size

      12.9MB

    • MD5

      6302ecdac4d5bc87ba4adb70a9b377cc

    • SHA1

      d1cede3fb707c565b5360da2bfc8ce6d330f96c6

    • SHA256

      33066bfb04c8edd75de98004eba14762823977de63145db399de57c2166d1406

    • SHA512

      12a8a9fd8808022bc3e646412246de19764d79dd282de29fbc54df02ff94d8070ba212f9a92d0cc1f292deba333b51cf31da81b5c69853c47e24723842134883

    • SSDEEP

      196608:0xSLBQc/3zX68vAjC/Pu5z8MBi5nA3wGS+0LPmZ8:0saiD1H2ls5newGwLeZ8

    • Score

      1/10

    • Target

      childapp.apk

    • Size

      9.3MB

    • MD5

      b9f9b3f15f1d46b2fcc7603c27fdd162

    • SHA1

      d07bb872d7f523e113986690302cd49577d4ddf8

    • SHA256

      a2c4875714b92fdaca68879b3227c937d57867479d9975465bc3a8413966342c

    • SHA512

      7619ac4ce1e727e56b7abad8663de921fa4ad5145d8100dc3099013f0f89c69d6412db8ecbe4d5a1d9566aecf30e9d2f5b8343ad9d5c9266faae5bcbca4c8583

    • SSDEEP

      98304:0OZqx0VfLBQ/kFx3zX6LInnvAjC/D80uemzvzBaTD0tYaWN:exSLBQc/3zX68vAjC/Pu5z8Mk

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Legitimate hosting services abused for malware hosting/C2

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.
