spynote | a2c4875714b92fdaca68879b3227c937d57867479d9975465bc3a8413966342c | Triage

Sharing

General

Target

a2c4875714b92fdaca68879b3227c937d57867479d9975465bc3a8413966342c.zip
Size

9.3MB
Sample

241106-dtqyxssrcv
MD5

b9f9b3f15f1d46b2fcc7603c27fdd162
SHA1

d07bb872d7f523e113986690302cd49577d4ddf8
SHA256

a2c4875714b92fdaca68879b3227c937d57867479d9975465bc3a8413966342c
SHA512

7619ac4ce1e727e56b7abad8663de921fa4ad5145d8100dc3099013f0f89c69d6412db8ecbe4d5a1d9566aecf30e9d2f5b8343ad9d5c9266faae5bcbca4c8583
SSDEEP

98304:0OZqx0VfLBQ/kFx3zX6LInnvAjC/D80uemzvzBaTD0tYaWN:exSLBQc/3zX68vAjC/Pu5z8Mk

Score

10^/10

spynote android banker collection credential_access discovery evasion execution persistence

Malware Config

Targets

- Target
  
  a2c4875714b92fdaca68879b3227c937d57867479d9975465bc3a8413966342c.zip
- Size
  
  9.3MB
- MD5
  
  b9f9b3f15f1d46b2fcc7603c27fdd162
- SHA1
  
  d07bb872d7f523e113986690302cd49577d4ddf8
- SHA256
  
  a2c4875714b92fdaca68879b3227c937d57867479d9975465bc3a8413966342c
- SHA512
  
  7619ac4ce1e727e56b7abad8663de921fa4ad5145d8100dc3099013f0f89c69d6412db8ecbe4d5a1d9566aecf30e9d2f5b8343ad9d5c9266faae5bcbca4c8583
- SSDEEP
  
  98304:0OZqx0VfLBQ/kFx3zX6LInnvAjC/D80uemzvzBaTD0tYaWN:exSLBQc/3zX68vAjC/Pu5z8Mk
Score

7^/10

banker collection credential_access discovery evasion execution persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Legitimate hosting services abused for malware hosting/C2
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral2

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral3

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence