Analysis

  • max time kernel: 149s
  • max time network: 157s
  • platform: android_x64
  • resource: android-33-x64-arm64-20240624-en
  • resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted: 11-11-2024 17:13

General

  • Target: ceксуальные фоточки.apk
  • Size: 4.3MB
  • MD5: 91eaf17f7c0bd30a940ba59bdce10f0d
  • SHA1: dfeb11ecfeb42f1e6b5e579189d419973e2b3ac6
  • SHA256: 0fefe74d649c4a9026762b125c3a9bf9d9b81397f098897bf40e7198b22ad147
  • SHA512: c554a391099c6ba0e22b50a5fd6e7833bfd33888fdec9913772765a1bd7682bd2eb98d114bb1a4d3139379f37c10b72b192e685b486c1ccdcfac5a494e957c76
  • SSDEEP: 98304:KQgmulr7nfBWdyVcbfAArBFOf/5SGMvvT4FPG+:0R7fBWdOcbBBFOf/0GMvvS

Malware Config

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

  • Spynote family
  • Spynote payload (1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 1 IoC)

    Runs an executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock (1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Requests enabling of the accessibility settings (1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • highs.isolated.onto (PID: 4347)
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings
    • Schedules tasks to execute at a specified time

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml
    Filesize: 5.1MB
    MD5: 9121fe8b27e2555f7bd0a0d98a87f5c9
    SHA1: a89092cf8c5ba5fe4588795b43a7ab4ba624e26a
    SHA256: fa2f7427bb06bb32ce75a641317aff06215ee1ee729fb533e3185eb6fd039e4f
    SHA512: ad17edfba4efa19e5dc2a12bde7dddd422001bb563235eb90109dc309de09bec72879398eb9f8e42fae2a3a285035bbf03ca2e1709fdff14c3ee740c640ac66e

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
    Filesize: 13B
    MD5: de2c41a51ee9246eb1708f65b511add0
    SHA1: 2f442d634c8a18760a232c8829d4b5d74a52f074
    SHA256: ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab
    SHA512: 7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
    Filesize: 53B
    MD5: d02434b5bafa95a4f5cf759bc2874d00
    SHA1: 64ea5089fd67106636ae5080cd19fca1dc2ff6d4
    SHA256: 41f7fb0bda7cf332ff0a6970eaf5bee5a37ef17062436a07b734b66c32ea3c4a
    SHA512: cb79a158c6fc092ec9a1fb8a6225c75dc93aa0eab8e42ab8fd1bad78eac3584f247841d832d941a3c1c22b761532a83631794fcf3fbd44f391802f15128f2b9c

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
    Filesize: 61B
    MD5: 2f11c0f171c486b5348081d9aed35aa5
    SHA1: fff6ea893cb148c73786e2f9ed58a00eae0edea3
    SHA256: e1b6daedf9f44bac415663ad6ed5dd676f8017572bbd39fd614f8260ef1a8926
    SHA512: 905393eb96baf84165e4abf66fac80f8d74b366ca900928becefad900e71844ab4e17dcdb4c8093fbcb47a21ebf98f1b38f341e918a25bff7909a037445f2021

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
    Filesize: 90B
    MD5: 12addd9a71435a3969cacfd169ce8bf3
    SHA1: 20c0f94730a4b3b8a27bd184f3b09be5cfbf5263
    SHA256: 202caf0697a956a5b984e2655d425531b86697bd769155ae48f71423235c24eb
    SHA512: 10d6706506598cf2663c2ec9de6902eda359f88084469dca6c3fc92264d014d280164bff6bb8423ac2d1a50fce24514c30943d6f9280870d561ce51bad1c99ff