spynote | a6004de6a426ae936ba9980ca175456849790596b634fc5be4874a232a3247d7 | Triage

Sharing

General

Target

a6004de6a426ae936ba9980ca175456849790596b634fc5be4874a232a3247d7.zip
Size

14.7MB
Sample

241106-dv3n4swnap
MD5

48658d5ec9903cd3afb15ac5b217b066
SHA1

06793939a4880f27060ababe90bbf2435a3dea23
SHA256

a6004de6a426ae936ba9980ca175456849790596b634fc5be4874a232a3247d7
SHA512

be844f7a3d1d733127c6bd8ff45efcf476ac9aff68531b0c35c74890e8079b2b6edde550d652b9ade7bc455c9860f0cbde32b4dd3c41331e83452ba05dd0731f
SSDEEP

393216:u1ko++UEBhPQT75d5Zb8RuI1rhMlIPDNQPa0hAcdylFPqC/Dwxa:uFdUZ5dTKuMMlILMrjyHPEa

Score

10^/10

spynote android collection credential_access discovery evasion impact persistence

Malware Config

Extracted

Family

spynote

C2

147.185.221.17:5764

Targets

- Target
  
  a6004de6a426ae936ba9980ca175456849790596b634fc5be4874a232a3247d7.zip
- Size
  
  14.7MB
- MD5
  
  48658d5ec9903cd3afb15ac5b217b066
- SHA1
  
  06793939a4880f27060ababe90bbf2435a3dea23
- SHA256
  
  a6004de6a426ae936ba9980ca175456849790596b634fc5be4874a232a3247d7
- SHA512
  
  be844f7a3d1d733127c6bd8ff45efcf476ac9aff68531b0c35c74890e8079b2b6edde550d652b9ade7bc455c9860f0cbde32b4dd3c41331e83452ba05dd0731f
- SSDEEP
  
  393216:u1ko++UEBhPQT75d5Zb8RuI1rhMlIPDNQPa0hAcdylFPqC/Dwxa:uFdUZ5dTKuMMlILMrjyHPEa
Score

7^/10

collection credential_access discovery evasion persistence impact
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries the mobile country code (MCC)
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Input Injection

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Input Capture

GUI Input Capture

Keylogging

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionpersistence

behavioral2

behavioral3

collectioncredential_accessevasionimpact