Analysis

  • max time kernel: 7s
  • max time network: 152s
  • platform: android-11_x64
  • resource: android-x64-arm64-20240910-en
  • resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted: 12-11-2024 16:09

General

  • Target: AEMET_546.apk
  • Size: 8.8MB
  • MD5: 989063f16a666ad17d7e09e92f55b2f7
  • SHA1: 51f835e73483de82708133666136f1cdd3edd536
  • SHA256: 96d921e36981c3b83e0edb417f11966bfe2506b4b0d7c4cdbbbe797997214400
  • SHA512: c75fbb632f91ad296399560e1caf2cae0a9802075f636b971e7c1eadf7c202055fe5fa1282dff94bce08efef072299541c8a18912b328b618235c386ed958619
  • SSDEEP: 196608:P9QjYbPF7R67Wz+1hyUtF+RDt5DhztlSFmWi1uI2Th5:P9QqPeKz+1hTF+RJ5dzDScfuI2/

Malware Config

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

  • Spynote family
  • Spynote payload 1 IoCs
  • Attempts to obfuscate APK file format

    Applies obfuscation techniques to the APK format in order to hinder analysis

  • Declares broadcast receivers with permission to handle system events 1 IoCs
  • Declares services with permission to bind to the system 3 IoCs
  • Requests dangerous framework permissions 15 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • operation.surprise.sequel (PID: 4776)
    • Uses Crypto APIs (Might try to encrypt user data)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/operation.surprise.sequel/cache/DBtMXcRf.apk
    Filesize: 8.2MB
    MD5: 2a196f72ec81faa752957f81222dbe3d
    SHA1: ca3c451c697be9b31b0301632a4c61279a16473e
    SHA256: d9e7c484d439cfa181ff9a14aabcc4117b48bb0232e39d5abf93d114210d0130
    SHA512: c9aa805f1be1004b414d8cbcb7791501c1b716c0146c08d2323f1321570986ec1f28c33fe66c48a5aec3d3ade5d11ba152d9f7f45fd4f480a7787e1035e63d1e

  • /data/data/operation.surprise.sequel/cache/DBtMXcRf.apk
    Filesize: 7.4MB
    MD5: e5de67d62143871aaed948808cc4d5a1
    SHA1: f134919f2b6482cfb0017cfc8ea6d7b5c8e0b1e0
    SHA256: 7da283f0e155e0971e75a229c690f7c9efb32472c329c6f4cbd855a4ed6954a8
    SHA512: 28e519c96cc57e8419c1415f8006a93cd597c8e5549ad14826d3d2f47a9a1669358f5cbb4b92b93009326a386e24f208838159f2e7f63fa8fc23f91193b5d087

  • /data/data/operation.surprise.sequel/cache/DBtMXcRf.apk
    Filesize: 8.2MB
    MD5: 1f32523443ded31f3087085d2376201a
    SHA1: 095dae411b66727c9964b5bc15c99f0f188eb102
    SHA256: 12586176838a04b1ac596888932c0c15d5d14b5356085225d2d0726c50a58fbb
    SHA512: 94884a41b0a308619817b529f5ea35ee13e862134d5f59fd5569731eecee17493e84e15cd8a01195e0ae889fe20e46c4bc111ceddc604946043ebb1df59e7592

  • /data/data/operation.surprise.sequel/files/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫
    Filesize: 8.6MB
    MD5: 43879af2c71ce53e2c6491c2e958b754
    SHA1: 06c7991ad442d2eb7ac0adf3438ca4b205f5ad21
    SHA256: d405c4e20296f1ecaac33fb7f7b7a4a0f9e2df36d185043960826cf89e38b754
    SHA512: f3a9eae742772e8161909ffc94a36d3175bcac42ecdb9288ae323591d337c1d6bc0955f5b0fab2222e00ebb68f09b95851eb50b0a9bc47951446be9127cc4055

  • /data/data/operation.surprise.sequel/files/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫.
    Filesize: 1B
    MD5: cfcd208495d565ef66e7dff9f98764da
    SHA1: b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
    SHA256: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
    SHA512: 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99