spynote | 1eaad8639814af1fe53510e514a000a1960dc01b6bd23a9aec2506911bc159db | Triage

Sharing

General

Target

2aaad06ca1436375f3be6c1bcc98e8b8.bin
Size

3.5MB
Sample

241107-bgph8asblh
MD5

f27d88e8b75bbcd0c67257f5633784a2
SHA1

c33be5935917da7df9da83ba53df7e38fc1e6ab3
SHA256

1eaad8639814af1fe53510e514a000a1960dc01b6bd23a9aec2506911bc159db
SHA512

1e925d9862098b9bf95438dce7568cc4700b3d614fc47d1b416a25efa8f8a4d8481d22293b4e58a15f2f0ed56be8e63c46168b0803d8c18d4cf6ac846018bace
SSDEEP

98304:I7gha8uyNfX1JWunGNQIUBtbFtORB5AngB60uQ65QtYi8W6:Mgha8uyJX7WyGNQvoRBSngBU2GxW6

Score

10^/10

spynote android banker collection credential_access discovery evasion execution persistence

Malware Config

Targets

- Target
  
  8746bf831496bff6758712510fb4e1d65473337a1ad2d0bc60a27fc987656668.zip
- Size
  
  9.3MB
- MD5
  
  2aaad06ca1436375f3be6c1bcc98e8b8
- SHA1
  
  ccac2d884447391499c71128c5c7b60eefa332db
- SHA256
  
  8746bf831496bff6758712510fb4e1d65473337a1ad2d0bc60a27fc987656668
- SHA512
  
  51ae191e17f48ac39c5254470a6c57c3f22fef49bf14c407a6feafd44f3ed9d658c80249ae1927be741ba275bff6b33d4adb78d15312f04113d27bad01445e88
- SSDEEP
  
  98304:fWBzBETlmzUEG0tbubLme65B42dDOY+zYAva5B+yFNN:fdIzUWb656HtGyFNN
Score

7^/10

banker collection credential_access discovery evasion execution persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral2

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral3

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence