General

  • Target

    So2.apk

  • Size

    1.5MB

  • Sample

    241114-w23xkasamb

  • MD5

    27854fa8fd2cdf893fccc964bb68bfe8

  • SHA1

    f104284d5f03ad564ad63ba313c875146271130e

  • SHA256

    7d9215824ef31a2d85c9cc1cdf5850483ed8ad8cd28a54028ea653486242423d

  • SHA512

    d591864ed48f9b9ac124763ca49d91d89ea036959d0921166f1b5a0ed786fc646bdf4cde7058e66848df88c93ef8cdf4c95e552709e7bdaca62913261c8939f0

  • SSDEEP

    24576:48a1a2es2CY6a1a2erjLTsi5WmD9idNph/hJeA5WmD9idNpB:48a1aY2J6a1aXvhWk0d/h5zWk0d/B

Malware Config

Extracted

Family

spynote

C2

aug-funds.gl.at.ply.gg:57487

go-puppy.gl.at.ply.gg:56337

Targets


    • Spynote

      Spynote is a Remote Access Trojan first seen in 2017.

    • Spynote family

    • Spynote payload

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Declares broadcast receivers with permission to handle system events

    • Declares services with permission to bind to the system

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests dangerous framework permissions

    • Requests enabling of the accessibility settings

    • Tries to add a device administrator

MITRE ATT&CK Mobile v15

Tasks