Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    11-11-2024 17:13

General

  • Target

    ceксуальные фоточки.apk (Russian: "sexy photos.apk"; the file name is the lure, left as submitted)

  • Size

    4.3MB

  • MD5

    91eaf17f7c0bd30a940ba59bdce10f0d

  • SHA1

    dfeb11ecfeb42f1e6b5e579189d419973e2b3ac6

  • SHA256

    0fefe74d649c4a9026762b125c3a9bf9d9b81397f098897bf40e7198b22ad147

  • SHA512

    c554a391099c6ba0e22b50a5fd6e7833bfd33888fdec9913772765a1bd7682bd2eb98d114bb1a4d3139379f37c10b72b192e685b486c1ccdcfac5a494e957c76

  • SSDEEP

    98304:KQgmulr7nfBWdyVcbfAArBFOf/5SGMvvT4FPG+:0R7fBWdOcbBBFOf/0GMvvS

Malware Config

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

  • Spynote family
  • Spynote payload (2 IoCs)
  • Loads dropped Dex/Jar (1 TTP, 3 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock (1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    The application may abuse a foreground service to keep running in the foreground.

  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    The application may abuse the framework's scheduling APIs to run malicious code once or on a recurring schedule.
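
The signatures above are behavioural (they fire on what the app did in the sandbox), but several of them have a static counterpart in the APK's manifest that is useful when triaging the file before detonation. The following is an added example, not the sandbox's own signature code, and it assumes the manifest has already been decoded from Android's binary XML to text (for instance with apktool); the manifest it runs on is constructed for the example, with an invented package name and class names, and is not this sample's manifest.

```python
"""Static companion to a sandbox report's Signatures list: look in a decoded
AndroidManifest.xml for the declarations behind the flagged behaviours.

Added example, not the sandbox's code. Assumption: the manifest is already text
XML (apktool output); CONSTRUCTED_MANIFEST below is invented for the example.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Permission -> report signature it backs. A declared permission is only a hint;
# the sandbox's signatures fire on observed runtime behaviour.
PERMISSION_HINTS = {
    "android.permission.FOREGROUND_SERVICE": "Makes use of the framework's foreground persistence service",
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.SCHEDULE_EXACT_ALARM": "Schedules tasks to execute at a specified time",
    "android.permission.RECEIVE_BOOT_COMPLETED": "Restarts after reboot (boot-completed receiver)",
}

ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"


def manifest_indicators(manifest_xml: str) -> dict[str, list[str]]:
    """Map each hinted signature to the manifest elements that suggest it."""
    root = ET.fromstring(manifest_xml)
    hits: dict[str, list[str]] = {}

    for perm in root.iter("uses-permission"):
        name = perm.get(NAME, "")
        if name in PERMISSION_HINTS:
            hits.setdefault(PERMISSION_HINTS[name], []).append(name)

    # An accessibility service is exported under BIND_ACCESSIBILITY_SERVICE and
    # answers the AccessibilityService intent action; both together are the tell.
    for svc in root.iter("service"):
        actions = {a.get(NAME, "") for a in svc.iter("action")}
        if svc.get(PERMISSION) == ACCESSIBILITY_BIND and ACCESSIBILITY_ACTION in actions:
            hits.setdefault("Makes use of the framework's Accessibility service", []).append(svc.get(NAME, "?"))

    # Receivers registered at runtime (Context.registerReceiver) never appear in the
    # manifest, which is why the sandbox reports that one from behaviour. Only a
    # manifest-declared boot receiver can be found statically.
    for rcv in root.iter("receiver"):
        actions = {a.get(NAME, "") for a in rcv.iter("action")}
        if "android.intent.action.BOOT_COMPLETED" in actions:
            hits.setdefault("Restarts after reboot (boot-completed receiver)", []).append(rcv.get(NAME, "?"))
    return hits


# Constructed manifest for the example (package and class names are invented).
CONSTRUCTED_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <service android:name=".A11y" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
    <service android:name=".Keeper" android:foregroundServiceType="dataSync"/>
    <receiver android:name=".Boot">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for signature, evidence in manifest_indicators(CONSTRUCTED_MANIFEST).items():
        print(f"{signature}: {', '.join(evidence)}")
```

The check deliberately requires both the bind permission and the intent action for the accessibility service: a service carrying only one of them will not be picked up by the system's accessibility settings, so it is not evidence of screen scraping.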

Processes

  • highs.isolated.onto
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4255
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/highs.isolated.onto/app_mph_dex/oat/x86/apk.crazy-v1.AndroidManifest.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4285
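
The dex2oat invocation above is the evidence behind the "Loads dropped Dex/Jar" signature: the file handed to the compiler sits in the app's private data directory (app_mph_dex/) rather than under /data/app/, and it is named as if it were an AndroidManifest.xml even though dex2oat only accepts DEX input. The following is an added example of how to turn that observation into a check, not the sandbox's own detection logic. It runs on an abridged copy of the command line from this report; the DEX bytes it inspects are constructed (a valid magic followed by a zero-filled header) and are not the sample's dropped file, and the list of "installed code" prefixes assumes a stock AOSP image like the sandbox's.

```python
"""Triage helpers for 'Loads dropped Dex/Jar' evidence in an Android sandbox report.

Added example, not the sandbox's code: reads the dex2oat command line shown in the
report and checks whether the code being compiled came from an install location
or from the app's private data directory.
"""
import hashlib
import re

# Abridged copy of the report's dex2oat command line (the trailing '&' is where the
# report truncates it).
DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 --runtime-arg -Xhidden-api-checks "
    "--boot-image=/system/framework/boot.art "
    "--dex-file=/data/user/0/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml "
    "--output-vdex-fd=41 --oat-fd=42 "
    "--oat-location=/data/user/0/highs.isolated.onto/app_mph_dex/oat/x86/apk.crazy-v1.AndroidManifest.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# Where the code of an installed package normally lives. Assumption: stock AOSP
# image (as in the sandbox), so no OEM-specific partitions are listed.
INSTALLED_CODE_PREFIXES = ("/system/", "/system_ext/", "/product/", "/vendor/", "/apex/", "/data/app/")

# A DEX file starts with "dex\n" + three-digit version + NUL, e.g. b"dex\n035\x00".
DEX_MAGIC = re.compile(rb"\Adex\n0[0-9]{2}\x00")
DEX_FILE_ARG = re.compile(r"--dex-file=(\S+)")


def dex2oat_inputs(cmdline: str) -> list[str]:
    """All --dex-file paths of a dex2oat invocation (empty for any other program)."""
    parts = cmdline.split(maxsplit=1)
    if not parts or not parts[0].endswith("dex2oat"):
        return []
    return DEX_FILE_ARG.findall(cmdline)


def dropped_code_paths(cmdline: str) -> list[str]:
    """dex2oat inputs that do not live where installed code lives.

    A path under /data/user/<n>/<pkg>/ or /data/data/<pkg>/ means the app wrote
    the code itself after install and is loading it at runtime (DexClassLoader
    and friends), which is what the report's signature describes.
    """
    return [p for p in dex2oat_inputs(cmdline) if not p.startswith(INSTALLED_CODE_PREFIXES)]


def is_dex(data: bytes) -> bool:
    """True if the bytes carry a DEX header, whatever the file is called."""
    return DEX_MAGIC.match(data) is not None


def describe_dropped_file(path: str, data: bytes) -> dict:
    """Per-file record in the shape of the report's Downloads entries, plus a flag
    for a DEX payload hiding behind a non-DEX file name."""
    dex = is_dex(data)
    return {
        "path": path,
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_dex": dex,
        "name_content_mismatch": dex and not path.endswith((".dex", ".jar", ".apk")),
    }


# Constructed stand-in for the dropped file: DEX magic plus a zero-filled header
# (real DEX headers are 0x70 bytes). Not the sample's real bytes.
CONSTRUCTED_DEX = b"dex\n035\x00" + bytes(0x70 - 8)

if __name__ == "__main__":
    for p in dropped_code_paths(DEX2OAT_CMDLINE):
        print("dex2oat compiling code outside install locations:", p)
        print(describe_dropped_file(p, CONSTRUCTED_DEX))
```

Checking the magic rather than the extension is the point: the report's two Downloads entries for apk.crazy-v1.AndroidManifest.xml have different hashes and a 5.1MB size, so the name tells you nothing about the content, while the first eight bytes do.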

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml

    Filesize

    5.1MB

    MD5

    9121fe8b27e2555f7bd0a0d98a87f5c9

    SHA1

    a89092cf8c5ba5fe4588795b43a7ab4ba624e26a

    SHA256

    fa2f7427bb06bb32ce75a641317aff06215ee1ee729fb533e3185eb6fd039e4f

    SHA512

    ad17edfba4efa19e5dc2a12bde7dddd422001bb563235eb90109dc309de09bec72879398eb9f8e42fae2a3a285035bbf03ca2e1709fdff14c3ee740c640ac66e

  • /data/user/0/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml

    Filesize

    5.1MB

    MD5

    1350536f9016bc8248d7afe33667631b

    SHA1

    48b4bf420af3894cdb4a13ba2497527f1c25be07

    SHA256

    b51235742289a393597bbfde680ddf68a9fd85023e27c76cd48063300b67df71

    SHA512

    77ae2d5e424568668ee1b0cfa9d1dac2833001f13884b5f66305844a8e9af82c57ecc6f8916676286e2d17179ead2690d0f5f8dca086b6c416559256638a9107

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt

    Filesize

    90B

    MD5

    ca68baab0f1316a8cde82699ec235743

    SHA1

    3dd60ece1027599714d179b4ab822c90f3664bbe

    SHA256

    a624b2f31ae4b4bbfaf59a7237388e9314dc60167e38b8f942757e9eff291fca

    SHA512

    1d8294dbcba8e2ab1137ff1b7dcf83767b0ba6d8084218b63e2e87a560d1c17740ee37b058c7a647e5e8796f3acfdcbb945bc15d0c0aaf26ca2db64af48e0604

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt

    Filesize

    86B

    MD5

    0e2c531058b7ba86b8278e5103fcb6b1

    SHA1

    07624f9348bbf1b68166e9fa3889792d17f2a7bf

    SHA256

    4194d91d3c28557e2933fb821052cb229d34edb427ecd5c9caa76c2fe6a1b198

    SHA512

    f3f64222df65bb6a0df7081e172c75a2a987a76108844606d01b73774c661068c5e9b610a87940f824f5403f19aee64415fcdfddbde5d776e7d92b50f4b738f6

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt

    Filesize

    90B

    MD5

    4262b2da9743d7bd22721ab622bdaed1

    SHA1

    f48e52a5ade483ef4f91f6af47c577260d4ce8d3

    SHA256

    b334a8aa870a7010368d979cdadffc687ef58e543b00ad2be05cf1d3069f20f8

    SHA512

    772bf8bc365b8b703d14fe3d26f9dcbfddf27810fd6913bfa757cc61b2388ecf76cc011cbe65778ae254062cf321339104c996128d81897d61c28caa8ef007cd

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt

    Filesize

    53B

    MD5

    5971799fd5c8426f2052e572b7b42256

    SHA1

    b227c5af9abd84aa926baf47d37c769c46bd6326

    SHA256

    cecd5d609979c026f9516e1b0811bce025bd096e7754e1fdc2ff4c16a55d8fae

    SHA512

    57e58569ffe3cdf8ec8558b6e2fc2f81bfd0989331bf1e0981251bbb50885c6cdc5ecb83dd1bb403edd63bcc6988f4871b1cf05a4893709da4e7e84fd31bde8a

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt

    Filesize

    53B

    MD5

    d02434b5bafa95a4f5cf759bc2874d00

    SHA1

    64ea5089fd67106636ae5080cd19fca1dc2ff6d4

    SHA256

    41f7fb0bda7cf332ff0a6970eaf5bee5a37ef17062436a07b734b66c32ea3c4a

    SHA512

    cb79a158c6fc092ec9a1fb8a6225c75dc93aa0eab8e42ab8fd1bad78eac3584f247841d832d941a3c1c22b761532a83631794fcf3fbd44f391802f15128f2b9c