Resubmissions

12-11-2024 13:11

241112-qe1k2atcjk 10

11-11-2024 16:02

241111-tgvpca1fmc 10

Analysis

  • max time kernel
    33s
  • max time network
    151s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
  • submitted
    12-11-2024 13:11

General

  • Target

    AEMET_195.apk

  • Size

    8.8MB

  • MD5

    989063f16a666ad17d7e09e92f55b2f7

  • SHA1

    51f835e73483de82708133666136f1cdd3edd536

  • SHA256

    96d921e36981c3b83e0edb417f11966bfe2506b4b0d7c4cdbbbe797997214400

  • SHA512

    c75fbb632f91ad296399560e1caf2cae0a9802075f636b971e7c1eadf7c202055fe5fa1282dff94bce08efef072299541c8a18912b328b618235c386ed958619

  • SSDEEP

    196608:P9QjYbPF7R67Wz+1hyUtF+RDt5DhztlSFmWi1uI2Th5:P9QqPeKz+1hTF+RJ5dzDScfuI2/

Malware Config

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

  • Spynote family
  • Spynote payload 1 IoCs
  • Attempts to obfuscate APK file format

    Applies obfuscation techniques to the APK format in order to hinder analysis

  • Declares broadcast receivers with permission to handle system events 1 IoCs
  • Declares services with permission to bind to the system 3 IoCs
  • Requests dangerous framework permissions 15 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • operation.surprise.sequel
    1⤵
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5101

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/operation.surprise.sequel/cache/DBtMXcRf.apk

    Filesize

    8.2MB

    MD5

    2a196f72ec81faa752957f81222dbe3d

    SHA1

    ca3c451c697be9b31b0301632a4c61279a16473e

    SHA256

    d9e7c484d439cfa181ff9a14aabcc4117b48bb0232e39d5abf93d114210d0130

    SHA512

    c9aa805f1be1004b414d8cbcb7791501c1b716c0146c08d2323f1321570986ec1f28c33fe66c48a5aec3d3ade5d11ba152d9f7f45fd4f480a7787e1035e63d1e

  • /data/data/operation.surprise.sequel/files/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫

    Filesize

    8.6MB

    MD5

    43879af2c71ce53e2c6491c2e958b754

    SHA1

    06c7991ad442d2eb7ac0adf3438ca4b205f5ad21

    SHA256

    d405c4e20296f1ecaac33fb7f7b7a4a0f9e2df36d185043960826cf89e38b754

    SHA512

    f3a9eae742772e8161909ffc94a36d3175bcac42ecdb9288ae323591d337c1d6bc0955f5b0fab2222e00ebb68f09b95851eb50b0a9bc47951446be9127cc4055

  • /data/data/operation.surprise.sequel/files/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫.

    Filesize

    1B

    MD5

    cfcd208495d565ef66e7dff9f98764da

    SHA1

    b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

    SHA256

    5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

    SHA512

    31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99