Overview

overview

10

Static

static

10

d021bc1ec9...e4.apk

android-9-x86

7

d021bc1ec9...e4.apk

android-10-x64

7

d021bc1ec9...e4.apk

android-11-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03d74cf6adff84199aadc3c6196f8cd1.bin

  • Size

    3.6MB

  • Sample

    241107-bcpnessaqb

  • MD5

    8bd03bcc8b78b8a2f282f091581015d3

  • SHA1

    1257ed47cb27fc9469dd6909632e4c5ccd01abe7

  • SHA256

    95a4931c252cdaee98b1e86535a6efb7bd05f9ed9bc0cc408bbc82d9a78e6b1f

  • SHA512

    48eadf29a91862e329af10072d0d9f81098d11c7b62489064cf5325234d552e4e8bb1dd7c109890320d9eececf79434ea08185e9d85d4c97d6a4720d251ca3f8

  • SSDEEP

    98304:G7pju63v4oPeAokf+LUFDplmr2EeBU+rfbGwph:G7NuS4Wxf+EDpAch

Score
10/10
spynoteandroidcollectioncredential_accessevasionexecutionpersistence

Malware Config

Targets

    • Target

      d021bc1ec9819f8223e21c591acb4ff15c32751fb34ae2bdc4f813d13bf87ee4.zip

    • Size

      9.4MB

    • MD5

      03d74cf6adff84199aadc3c6196f8cd1

    • SHA1

      c3ea92435c99118c354a4898191987b2b04e7577

    • SHA256

      d021bc1ec9819f8223e21c591acb4ff15c32751fb34ae2bdc4f813d13bf87ee4

    • SHA512

      7c39016fadb0c8cc492ea18c42ae92a7a61af2b7b6a4597bca0f3d9f2e9a266bb9ce7f9a2e5163dfeae73c56049da70c1cd8615998e029673f8bd9cfe0c13f8c

    • SSDEEP

      98304:ENo+NRZyyzrnqyQd4RsDO7LAYRHemzZzB9TO0txGeW/j:Eag1zr44iDWLAKH5zZ1cj

    Score
    7/10
    collectioncredential_accessevasionexecutionpersistence

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Acquires the wake lock

    • Legitimate hosting services abused for malware hosting/C2

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence
    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks