spynote | 1707a0174afe038c3c20d4ddd287efd1aeacec6ea2cab2b25d80afed33ecc47d | Triage

Sharing

General

Target

74e0150f6ef4439751747cfe9517e366.bin
Size

3.7MB
Sample

241107-byd4ta1nax
MD5

31e7c9ef7eedd559606c281c71a9b19c
SHA1

bd9f457b6c14bf6168e09960eeff256dbe875dcc
SHA256

1707a0174afe038c3c20d4ddd287efd1aeacec6ea2cab2b25d80afed33ecc47d
SHA512

275ad1840ba49df011efcda5fbbef35307ef8050b02fd947ba5a8c616d47580111323dd7a27a807ef2db31afd0d6693ec1622a9c70d9170686860e165399828d
SSDEEP

98304:8yWhBdQAtvsjQGVE0d3sGbqR1JytvsKvsJ7hhc7Y:F0B3SQOpsEQJyvQZ

Score

10^/10

spynote android banker collection credential_access discovery evasion execution persistence

Malware Config

Targets

- Target
  
  cf8aa2879623a59edd582a86cc22dfa1a082d8854659a5c64134ca9c622a093d.zip
- Size
  
  4.6MB
- MD5
  
  74e0150f6ef4439751747cfe9517e366
- SHA1
  
  97de7ecf82670c8f882ffb442ae916d19b2bbc5c
- SHA256
  
  cf8aa2879623a59edd582a86cc22dfa1a082d8854659a5c64134ca9c622a093d
- SHA512
  
  7bf355ee1e17c34f277a74d513bb9f3250a4f43a0deb22bd89f15c36b424cbbc10ce61cfdb2029261bd847ced743f8eb353c58402951a4e65b3377d79e765eb6
- SSDEEP
  
  98304:2NwDuzBQTlmzf7UhX73k+8CfVALGIDNGfzqA0fe0tcvizrP+Kpc:2KIzTQT+0VACecfzqA0fFiKpc
Score

7^/10

banker collection credential_access discovery evasion execution persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral2

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral3

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence