Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    11-11-2024 17:13

General

  • Target

    ceксуальные фоточки.apk (Russian, roughly "sexy pics.apk")

  • Size

    4.3MB

  • MD5

    91eaf17f7c0bd30a940ba59bdce10f0d

  • SHA1

    dfeb11ecfeb42f1e6b5e579189d419973e2b3ac6

  • SHA256

    0fefe74d649c4a9026762b125c3a9bf9d9b81397f098897bf40e7198b22ad147

  • SHA512

    c554a391099c6ba0e22b50a5fd6e7833bfd33888fdec9913772765a1bd7682bd2eb98d114bb1a4d3139379f37c10b72b192e685b486c1ccdcfac5a494e957c76

  • SSDEEP

    98304:KQgmulr7nfBWdyVcbfAArBFOf/5SGMvvT4FPG+:0R7fBWdOcbBBFOf/0GMvvS

Malware Config

Signatures

  • Spynote

    Spynote is an Android Remote Access Trojan first seen in 2017.

  • Spynote family
  • Spynote payload (1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Loads and runs a Dex/Jar file that was dropped to the device during analysis (dynamic code loading).

  • Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock (1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to keep running in the foreground and avoid being killed by the system.

  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
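The signatures above were observed dynamically. The following added example (not part of this report or of any sandbox tooling) is a stdlib-only static triage script that looks for the manifest permissions and class references that usually back those behaviours: the accessibility-service binding, foreground service and wake-lock permissions, boot/system-event receivers, alarm/job scheduling, and `dalvik.system.*ClassLoader` references in the dex that point at runtime loading of a dropped Dex/Jar. It scans the raw bytes of `AndroidManifest.xml` in both UTF-16LE and UTF-8 (binary AXML stores its string pool in one of the two) instead of fully decoding AXML, so it is a quick first pass, not a replacement for androguard or apkanalyzer. The indicator lists and the `build_test_apk()` stand-in are constructed for the example; the sample's actual manifest is not on this page, and because the report shows a payload being dropped under `app_mph_dex`, the dropped file should be run through the same triage, not only the outer APK.

```python
"""Static triage of an APK for capabilities the sandbox saw dynamically.

Heuristic byte scan of AndroidManifest.xml and classes*.dex; no AXML/DEX
parsing. Indicator lists are the author's assumptions for this example.
"""
import io
import zipfile

# Manifest strings that back each reported behaviour.
MANIFEST_INDICATORS = {
    "accessibility service": [
        "android.permission.BIND_ACCESSIBILITY_SERVICE",
        "android.accessibilityservice.AccessibilityService",
    ],
    "foreground persistence service": ["android.permission.FOREGROUND_SERVICE"],
    "wake lock": ["android.permission.WAKE_LOCK"],
    "boot / system-event receiver": [
        "android.permission.RECEIVE_BOOT_COMPLETED",
        "android.intent.action.BOOT_COMPLETED",
    ],
    "task scheduling": [
        "android.permission.SCHEDULE_EXACT_ALARM",
        "android.app.job.JobService",
    ],
}

# Class descriptors in the dex that indicate runtime loading of a dropped
# Dex/Jar. DEX string data is MUTF-8, byte-identical to ASCII for these.
DEX_LOADER_INDICATORS = [
    "Ldalvik/system/DexClassLoader;",
    "Ldalvik/system/PathClassLoader;",
    "Ldalvik/system/InMemoryDexClassLoader;",
    "Ldalvik/system/BaseDexClassLoader;",
]


def _in_manifest(blob: bytes, needle: str) -> bool:
    # AXML string pools are UTF-16LE unless the UTF8 flag is set; check both.
    return needle.encode("utf-16-le") in blob or needle.encode("utf-8") in blob


def triage_apk(apk_bytes: bytes) -> dict:
    """Return {behaviour: [matched indicator strings]} for an APK (bytes)."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = set(zf.namelist())
        manifest = zf.read("AndroidManifest.xml") if "AndroidManifest.xml" in names else b""
        dex_blobs = [zf.read(n) for n in names if n.startswith("classes") and n.endswith(".dex")]
    for behaviour, needles in MANIFEST_INDICATORS.items():
        hits = [n for n in needles if _in_manifest(manifest, n)]
        if hits:
            findings[behaviour] = hits
    loader_hits = [n for n in DEX_LOADER_INDICATORS if any(n.encode() in d for d in dex_blobs)]
    if loader_hits:
        findings["loads dropped Dex/Jar"] = loader_hits
    return findings


def build_test_apk() -> bytes:
    """Constructed stand-in, NOT the sample from the report: a zip holding a
    fake UTF-16LE manifest string pool and a fake dex with a DexClassLoader
    reference. Real AXML/DEX carry binary headers; the scan only needs the
    string bytes, so the fake keeps just those."""
    manifest_strings = [
        "android.permission.BIND_ACCESSIBILITY_SERVICE",
        "android.permission.FOREGROUND_SERVICE",
        "android.permission.WAKE_LOCK",
        "android.permission.RECEIVE_BOOT_COMPLETED",
    ]
    fake_manifest = b"\x03\x00\x08\x00" + b"\x00\x00".join(s.encode("utf-16-le") for s in manifest_strings)
    fake_dex = b"dex\n035\x00" + b"\x00" * 16 + b"Ldalvik/system/DexClassLoader;\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", fake_manifest)
        zf.writestr("classes.dex", fake_dex)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_apk()
    for behaviour, hits in sorted(triage_apk(data).items()):
        print(f"[+] {behaviour}: {', '.join(hits)}")
```

Run it as `python triage.py sample.apk`; with no argument it triages the constructed stand-in. An empty result does not clear a sample: a dropper that keeps its real payload encrypted (as the dropped-Dex signature in this report implies) can show little in the outer manifest, which is exactly why the dynamic signatures matter.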

Processes

  • highs.isolated.onto (PID 4941)
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml

    Filesize

    5.1MB (a genuine AndroidManifest.xml is a few KB; the size, the app_mph_dex directory and the "Loads dropped Dex/Jar" signature suggest this is the dropped code payload under a misleading name)

    MD5

    9121fe8b27e2555f7bd0a0d98a87f5c9

    SHA1

    a89092cf8c5ba5fe4588795b43a7ab4ba624e26a

    SHA256

    fa2f7427bb06bb32ce75a641317aff06215ee1ee729fb533e3185eb6fd039e4f

    SHA512

    ad17edfba4efa19e5dc2a12bde7dddd422001bb563235eb90109dc309de09bec72879398eb9f8e42fae2a3a285035bbf03ca2e1709fdff14c3ee740c640ac66e

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt (the three entries for this path are successive captures of the same log file as it grew: 13B, 53B, 163B)

    Filesize

    13B

    MD5

    de2c41a51ee9246eb1708f65b511add0

    SHA1

    2f442d634c8a18760a232c8829d4b5d74a52f074

    SHA256

    ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

    SHA512

    7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt

    Filesize

    53B

    MD5

    f2e91c333a24b62b032a15e8c4f61ddb

    SHA1

    914c1477e80e1701694b7bee7d5a17139197f3b5

    SHA256

    e98520f18a529dc84fa8f6d4277859ee6081dabb8d9c743f9ae9c0be5f84ba88

    SHA512

    a9b6fe06f4335f0e9a71760d6e491a1a1a10735bb621e6edbfddbaa23752791696d76efe0d9ca1a12e17d5cd89d1c0036669f97c2c2708d4ec4cfca2f2be4ee8

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt

    Filesize

    163B

    MD5

    a2add32bf8e6a9835608f5d3d59d62c4

    SHA1

    63a7b0b127cda761511c77bc72e4848094558eca

    SHA256

    e8c1cf7509a524af7deb6cd7ed39c8705272708f43fb5560e0830286ae9009a6

    SHA512

    a85fd4e838a0d20ffa7a91d536fe7e6d4da4a69f5240906ff7b9093434974840f214f53c094eb1cda3c4fb51a0dcc2b7b35065458bff7cece693f73312cacc6d
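The hashes listed above are the report's IoCs. The following added example (not part of the report) verifies files pulled from a device, or a sample obtained elsewhere, against that table: it computes MD5, SHA1, SHA256 and SHA512 in a single pass over each file (so a multi-megabyte dropped dex is read once), matches on whichever algorithm the table carries, walks a directory tree of pulled files, and groups the table by path so the three snapshots of the same log file are visible as one growing artefact. The table embeds the report's own digests; the directory layout it expects is an assumption (whatever `adb pull` produced; note `/data/data/<pkg>` is readable only with root or `run-as`). The `b"abc"` vector in the usage is a constructed input.

```python
"""Match pulled files against the IoC hashes from this sandbox report.

Single-pass multi-hash, case-insensitive matching on any algorithm present.
"""
import hashlib
import os
import sys

ALGOS = ("md5", "sha1", "sha256", "sha512")

# IoC table copied from the report (sample and dropped files).
REPORT_IOCS = [
    {"path": "ceксуальные фоточки.apk", "size": "4.3MB",
     "md5": "91eaf17f7c0bd30a940ba59bdce10f0d",
     "sha256": "0fefe74d649c4a9026762b125c3a9bf9d9b81397f098897bf40e7198b22ad147"},
    {"path": "/data/data/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml", "size": "5.1MB",
     "md5": "9121fe8b27e2555f7bd0a0d98a87f5c9",
     "sha256": "fa2f7427bb06bb32ce75a641317aff06215ee1ee729fb533e3185eb6fd039e4f"},
    {"path": "/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt", "size": "13B",
     "md5": "de2c41a51ee9246eb1708f65b511add0",
     "sha256": "ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab"},
    {"path": "/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt", "size": "53B",
     "md5": "f2e91c333a24b62b032a15e8c4f61ddb",
     "sha256": "e98520f18a529dc84fa8f6d4277859ee6081dabb8d9c743f9ae9c0be5f84ba88"},
    {"path": "/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt", "size": "163B",
     "md5": "a2add32bf8e6a9835608f5d3d59d62c4",
     "sha256": "e8c1cf7509a524af7deb6cd7ed39c8705272708f43fb5560e0830286ae9009a6"},
]


def _digest_stream(chunks) -> dict:
    # Feed every chunk to all four hashers so the input is read only once.
    hashers = {a: hashlib.new(a) for a in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    return _digest_stream([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return _digest_stream(chunks())


def match_hashes(digests: dict, iocs=REPORT_IOCS) -> list:
    """Return IoC entries whose digest matches on any algorithm they list."""
    hits = []
    for entry in iocs:
        for algo in ALGOS:
            ref = entry.get(algo)
            if ref and ref.lower() == digests.get(algo, "").lower():
                hits.append(entry)
                break
    return hits


def scan_tree(root: str, iocs=REPORT_IOCS) -> list:
    """Hash every regular file under root; return (local_path, ioc_entry) pairs."""
    results = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            local = os.path.join(dirpath, name)
            try:
                digests = hash_file(local)
            except OSError:
                continue  # unreadable file; skip rather than abort the scan
            results.extend((local, entry) for entry in match_hashes(digests, iocs))
    return results


def snapshots_by_path(iocs=REPORT_IOCS) -> dict:
    """Group IoC entries by on-device path (several entries = file captured as it grew)."""
    groups = {}
    for entry in iocs:
        groups.setdefault(entry["path"], []).append(entry)
    return groups


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for local, entry in scan_tree(root):
        print(f"[MATCH] {local} -> {entry['path']} ({entry['size']}) sha256={entry['sha256']}")
    for path, entries in snapshots_by_path().items():
        if len(entries) > 1:
            print(f"[NOTE] {path} captured {len(entries)}x: {', '.join(e['size'] for e in entries)}")
```

Usage: `python ioc_match.py ./pulled/` after `adb pull /storage/emulated/0/Config/sys/apps/log ./pulled/`. A hash match is exact-file identity only; a repacked build of the same dropper will not match, which is what the SSDEEP value in the report is for (compare it with the `ssdeep` tool, not with this script).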