spynote | d9c4622355c9a9be398024b5e2242830e2244a0837991aafc053b71072ab798b | Triage

Sharing

General

Target

CLARO-5G.zip
Size

6.8MB
Sample

241114-r4hxyszngs
MD5

3f30b04060504b8eee10f63a7b5ee333
SHA1

84ccda1cd82d49adeee8728c2d7c030b00b06894
SHA256

d9c4622355c9a9be398024b5e2242830e2244a0837991aafc053b71072ab798b
SHA512

49c579451c28feda2fc7365e0bdccc5b7058b8785787fe974d0ab6c30e79b374177150db10924ebd35fdad542412cb75dcd9b2f203df98f1ad9730b4cc48a968
SSDEEP

196608:MfXWlUXemq1XeagrhxvNG426d9wjERzBSa38b4/:IWKOmum5Nn267BSa3k4/

Score

10^/10

spynote android collection credential_access evasion execution persistence

Malware Config

Targets

- Target
  
  CLARO-5G.apk
- Size
  
  7.2MB
- MD5
  
  43f0666454fbd9e1721437356babda3f
- SHA1
  
  add72ffc5ffa3917584ac939b12d788e636d96c7
- SHA256
  
  e78346971e8dce0e8de9870cc99e49d781afc77e87850da3de032544435d4492
- SHA512
  
  59ec8fbc513d51ee5759c72f49a12f9801fa1f4eff4ab5b67feb12b18682a48df352e5d38f77932c779f7fef36e53a2399d19dfd2143f0fe8a3d0f82cd7857a2
- SSDEEP
  
  196608:uo/+SKv1TkVPx1POQe8/tkzuRr7rHVz/qI+jleBe:uqzKszP9e8AuRrvVDjylce
Score

1^/10
behavioral1
- Target
  
  childapp.apk
- Size
  
  9.3MB
- MD5
  
  b20e273e5bc99b5d115a4108f5e4b550
- SHA1
  
  befd7ec041fa7075c8b49b5368ea7742d4bd5317
- SHA256
  
  b5f42e08be6a3c66ca238054fad40ace33884d070f732c9a652acce38badd381
- SHA512
  
  f3c980d97c046753256eebc8c70e401ee3d19d5d1570ebcc78e99804ef232ec5166ffdd002c325e4b2f00107a50182e7419a13bdd9a4bc3e96d0b269197136da
- SSDEEP
  
  98304:umzBGTPmzkny0t7DPJ7Ko4RUthgO5O6P6T55NZY7:Kezkx77J7Ko4RNO5+55NZY7
Score

7^/10

collection credential_access evasion execution persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

behavioral2

collectioncredential_accessevasionexecutionpersistence