spynote | fb87e7cecd44215b05c2e26a1ecf803ca23c53e899d87f2f0ed0b3827d3862df | Triage

Sharing

General

Target

fb87e7cecd44215b05c2e26a1ecf803ca23c53e899d87f2f0ed0b3827d3862df.bin
Size

787KB
Sample

241113-116dhstmdp
MD5

ac2d95af322130f8f9aa9e60b6c40ac4
SHA1

37c3deee6c7c0e9633180d3c62f29673d67a176a
SHA256

fb87e7cecd44215b05c2e26a1ecf803ca23c53e899d87f2f0ed0b3827d3862df
SHA512

f31f96deddc284d9059c5f7479695ae9cbc839dc87c11a650cf971cbb6145aefb26fddb590a9de846426003aa707b91d51510911761bd82ab323a0aa21eab5c5
SSDEEP

12288:5kpwa1a8Lze878FqVNuGX85WmpYshXZPbGwidNpgO:Cpwa1ame874qVNZX85WmD9idNpJ

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

xgsgf75.localto.net:3565

Targets

- Target
  
  fb87e7cecd44215b05c2e26a1ecf803ca23c53e899d87f2f0ed0b3827d3862df.bin
- Size
  
  787KB
- MD5
  
  ac2d95af322130f8f9aa9e60b6c40ac4
- SHA1
  
  37c3deee6c7c0e9633180d3c62f29673d67a176a
- SHA256
  
  fb87e7cecd44215b05c2e26a1ecf803ca23c53e899d87f2f0ed0b3827d3862df
- SHA512
  
  f31f96deddc284d9059c5f7479695ae9cbc839dc87c11a650cf971cbb6145aefb26fddb590a9de846426003aa707b91d51510911761bd82ab323a0aa21eab5c5
- SSDEEP
  
  12288:5kpwa1a8Lze878FqVNuGX85WmpYshXZPbGwidNpgO:Cpwa1ame874qVNZX85WmD9idNpJ
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation