Overview

overview

10

Static

static

10

GoodYear.apk

android-9-x86

1

GoodYear.apk

android-10-x64

1

GoodYear.apk

android-11-x64

1

childapp.apk

android-9-x86

7

childapp.apk

android-10-x64

7

childapp.apk

android-11-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GoodYear.apk

  • Size

    7.7MB

  • Sample

    241107-xhhmyszlgk

  • MD5

    005be09b7dc462adddda10384848699a

  • SHA1

    8bd96e42962f1b314da8f12a3857e37ca035813b

  • SHA256

    1a878d131a56ae24c073f1440667186e346a786cda086ce5d19567858ecaa5ae

  • SHA512

    d81ee24925af41ed52582b5a7f93334b31790f28edfb119778fa0487432ca057e9a5212a3e32021a6d6c679e3c870ead1c613212ef6528b985eb24d21b829aac

  • SSDEEP

    196608:6QGu8ziWThIPWILm+02rW+vAsSP8o5npZgczezXl4RXrk:Su8x4WILX026SAtPZZgGK

Score
10/10
spynoteandroidbankercollectioncredential_accessdiscoveryevasionexecutionpersistence

Malware Config

Targets

    • Target

      GoodYear.apk

    • Size

      7.7MB

    • MD5

      005be09b7dc462adddda10384848699a

    • SHA1

      8bd96e42962f1b314da8f12a3857e37ca035813b

    • SHA256

      1a878d131a56ae24c073f1440667186e346a786cda086ce5d19567858ecaa5ae

    • SHA512

      d81ee24925af41ed52582b5a7f93334b31790f28edfb119778fa0487432ca057e9a5212a3e32021a6d6c679e3c870ead1c613212ef6528b985eb24d21b829aac

    • SSDEEP

      196608:6QGu8ziWThIPWILm+02rW+vAsSP8o5npZgczezXl4RXrk:Su8x4WILX026SAtPZZgGK

    Score
    1/10
    behavioral1behavioral2behavioral3

    • Target

      childapp.apk

    • Size

      20.3MB

    • MD5

      008ec09f044eec72d1305f66637e06cd

    • SHA1

      b8738bc279e3ec972bd6ee4a42e7c67125cbcaf7

    • SHA256

      182598d5b557600faff22dc8f6dd713348ad79e96ddd994280b4b1267e809e2f

    • SHA512

      684ba9fbd4848da542499b440100d401408cb7599c4a45cb95643581eccd409d7c25b86196ba0df209cbab37ad428121fb21a8822154ed1e251213418806370c

    • SSDEEP

      98304:YSzBzTRmz4tQGvm86p0U6XeADO8KbFmRKER+0twB+UJzT5iBCoyCOP0L3ix:tUz4tQGu8qOXen8WFmUEnw4ozToXOkO

    Score
    7/10
    bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion
    behavioral4behavioral5behavioral6

MITRE ATT&CK Mobile v15

Tasks