Analysis

  • max time kernel
    299s
  • max time network
    307s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    14/11/2024, 14:14

General

  • Target

    a0070974a24a222d1056de51adec816c4688d3128128ee083f4eda8a76407d58.apk

  • Size

    5.6MB

  • MD5

    6bf938c2f104c4d2bd263dbbc13f38e6

  • SHA1

    9826b354f2025b2e6c4a81d5ee73f0d241bee875

  • SHA256

    a0070974a24a222d1056de51adec816c4688d3128128ee083f4eda8a76407d58

  • SHA512

    559ba139dca2d97a8fb22f4206a9366c4ada70516af204fcbe09af26fcc80daffd2cacb2aa2f0d341c47a722efd6d7487c2dea0d98d5af172bf9dd6092bfe9fc

  • SSDEEP

    98304:TnAhTFNfoMueI3SuJnNYyaZQc+tS4ifp8agWoFkmDvWOCbc59fM:TniTF15ue4SuJ+UxtSfKagjkm6yg

Malware Config

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

  • Spynote family
  • Spynote payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Requests enabling of the accessibility settings 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • build.ledear.bmrjo
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings
    • Schedules tasks to execute at a specified time
    PID:4610

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/build.ledear.bmrjo/app_apkprotector_dex/classes-v1.bin

    Filesize

    3.5MB

    MD5

    df73fd869c827cb2b84afd4973099d25

    SHA1

    261d70e5fd5d86d1bf0c0e42056a88f0d03f7938

    SHA256

    0fc2e5d59e0a303fbc8d50e7f40011ccd94d53e0e5d8858c02f16e173ad3de2c

    SHA512

    502a332dd3c60e2beb6d8aae94229133fce480b1ed7d3526c8453e23b423c0062543f2042795c612b3ef7a2108c5b01d610bae4383fc64209dcd2cfe1082e4ed