spynote | 4e3f9b875acc9c3bc61640b5f1f5657cada06b9d329c51d5e692c0fb123cec48 | Triage

Sharing

General

Target

com.baniiz.kedra.apk
Size

8.1MB
Sample

241110-rnd9tsyekg
MD5

f46d9bbfdf0f4dc2700c9ba2a97f6bb6
SHA1

e7b00fc293206af92bdda8bbf1aeb2b21a89802c
SHA256

4e3f9b875acc9c3bc61640b5f1f5657cada06b9d329c51d5e692c0fb123cec48
SHA512

be72caf0b9f088c5f5e603ac8610f7a8691cc2c48a93314029df3cc92f066f20c97cd4d4b668a2dc3ce2561a881996fc678c6df23116c66a8246e38158d4a881
SSDEEP

196608:ImL6smkwhX0V83qtg8mUzlaLEJaDRDTDYr:ssFwrwg8n0MaVncr

Score

10^/10

spynote android banker collection credential_access discovery evasion execution persistence

Malware Config

Targets

- Target
  
  com.baniiz.kedra.apk
- Size
  
  8.1MB
- MD5
  
  f46d9bbfdf0f4dc2700c9ba2a97f6bb6
- SHA1
  
  e7b00fc293206af92bdda8bbf1aeb2b21a89802c
- SHA256
  
  4e3f9b875acc9c3bc61640b5f1f5657cada06b9d329c51d5e692c0fb123cec48
- SHA512
  
  be72caf0b9f088c5f5e603ac8610f7a8691cc2c48a93314029df3cc92f066f20c97cd4d4b668a2dc3ce2561a881996fc678c6df23116c66a8246e38158d4a881
- SSDEEP
  
  196608:ImL6smkwhX0V83qtg8mUzlaLEJaDRDTDYr:ssFwrwg8n0MaVncr
Score

7^/10

banker collection credential_access discovery evasion execution persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral2

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral3

collectioncredential_accessevasionexecutionpersistence

behavioral4