Analysis

  • max time kernel
    1799s
  • max time network
    1800s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    17-11-2024 19:31

General

  • Target

    BaniizKedra (2).apk

  • Size

    5.4MB

  • MD5

    6a127ad272931ce3e1030ed1269087ac

  • SHA1

    69c36bb20d07217fc90ad0881296be236ce85d2a

  • SHA256

    34f9d74a7696be56b453e0af51eaca2188ec938d9e9b7eac94b5457bf4a3ea9a

  • SHA512

    d6b2f5e60040522abc4805431fa5634c13dddd86efd76ec342055c2dc819c422b74424624820c285bf462b814ca557c1a0f1a8398d8711f6005edb69aec331a9

  • SSDEEP

    98304:fKIKBRU4rZpxd2pOrO2jVuk1M24M4dlMr4ZNHDHUoWRfB:4xl3SOrOlk1L4lM0ZNHDH8B

Malware Config

Extracted

Family

spynote

C2

5.42.92.219:7771
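The C2 tuple above is the most directly actionable indicator in this report. The Python below, added here as a worked example and not part of the sandbox output, parses Zeek conn.log-style records and flags responders matching 5.42.92.219:7771, optionally on the IP alone to catch a listener moved to another port, and emits a Suricata rule for the same tuple. The log rows are constructed for illustration (documentation-range addresses); only the C2 address and port come from the report.

```python
"""Match Zeek conn.log-style records against the SpyNote C2 from the report.
Added example: the log rows below are constructed, not from the sandbox run."""
from typing import Dict, Iterable, List, Set, Tuple

# Indicator from the report's "Malware Config" section.
C2_INDICATORS: Set[Tuple[str, int]] = {("5.42.92.219", 7771)}

# Default Zeek conn.log column order (tab separated, "-" for unset fields).
CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
               "proto", "service", "duration", "orig_bytes", "resp_bytes", "conn_state"]

# Constructed sample rows: a benign TLS flow, the C2 session, a DNS query, and a
# flow to the C2 host on a different port (the port-rotation case).
SAMPLE_ROWS = [
    ["1731871921.104", "CxJ1a", "10.0.2.15", "41230", "203.0.113.10", "443", "tcp", "ssl", "0.91", "1200", "5300", "SF"],
    ["1731871925.771", "CxJ1b", "10.0.2.15", "41234", "5.42.92.219", "7771", "tcp", "-", "118.4", "8120", "2204", "S1"],
    ["1731871930.002", "CxJ1c", "10.0.2.15", "53012", "203.0.113.53", "53", "udp", "dns", "0.02", "60", "120", "SF"],
    ["1731872011.340", "CxJ1d", "10.0.2.15", "41238", "5.42.92.219", "80", "tcp", "http", "0.30", "400", "900", "SF"],
]
SAMPLE_CONN_LOG = "\n".join("\t".join(row) for row in SAMPLE_ROWS) + "\n"


def parse_conn_log(text: str) -> List[Dict[str, str]]:
    """Parse conn.log rows into dicts; skips Zeek '#' header lines and short rows."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) < len(CONN_FIELDS):
            continue
        records.append(dict(zip(CONN_FIELDS, parts)))
    return records


def match_c2(records: Iterable[Dict[str, str]],
             indicators: Set[Tuple[str, int]] = C2_INDICATORS,
             ip_only: bool = False) -> List[Dict[str, str]]:
    """Return records whose responder matches an indicator.

    Exact matching uses (ip, port). ip_only=True matches on the host alone, which
    catches the operator moving the listener to another port but will also flag
    unrelated traffic if the address is shared hosting."""
    ips = {ip for ip, _ in indicators}
    hits = []
    for r in records:
        port = int(r["id.resp_p"]) if r["id.resp_p"].isdigit() else -1
        if (r["id.resp_h"], port) in indicators or (ip_only and r["id.resp_h"] in ips):
            hits.append(r)
    return hits


def to_suricata_rule(ip: str, port: int, sid: int, family: str = "SpyNote") -> str:
    """Emit a Suricata/Snort rule for outbound connections to the C2 tuple."""
    return (f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{family} C2 {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    recs = parse_conn_log(SAMPLE_CONN_LOG)
    for hit in match_c2(recs, ip_only=True):
        print(hit["uid"], hit["id.orig_h"], "->", hit["id.resp_h"], hit["id.resp_p"])
    print(to_suricata_rule("5.42.92.219", 7771, 1000001))
```

Exact (ip, port) matching is the low-noise default; the IP-only mode is worth a second, lower-severity rule because SpyNote operators control the port at build time and can change it without touching the host.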

Signatures

  • Spynote

    Spynote is an Android Remote Access Trojan (RAT) first seen in 2017.

  • Spynote family
  • Spynote payload (1 IoC)
  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Loads and runs executable code (Dex/Jar) dropped to the device during analysis.

  • Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)

    Retrieves information displayed on the phone screen via AccessibilityService.

  • Acquires the wake lock (1 IoC)
  • Performs UI accessibility actions on behalf of the user (1 TTP, 4 IoCs)

    The application may abuse the accessibility service to prevent its own removal.

  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    The application may abuse the framework's scheduling APIs for initial or recurring execution of malicious code.
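Several of the signatures above can be checked statically before the sample is run. The Python below, an added example rather than anything from the sandbox or from the sample, parses a decoded AndroidManifest.xml (as produced by apktool or androguard; the manifest inside an APK is binary AXML) and reports services bound as accessibility services, launcher activities that could later be hidden, and permissions tied to the wake-lock and boot-time behaviour. The manifest here is constructed: the package name is the one from the Processes section, but the component names and the permission set are assumptions. A receiver registered at runtime, as in the signature above, leaves no manifest trace and needs dynamic or code-level analysis.

```python
"""Static triage of a decoded AndroidManifest.xml for the behaviours the
sandbox flagged (accessibility service, wake lock, launcher activity).
Added example; the manifest below is constructed, not extracted from the sample."""
import xml.etree.ElementTree as ET
from typing import Dict, List

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def a(attr: str) -> str:
    """Qualify an android:* attribute name the way ElementTree stores it."""
    return f"{{{ANDROID_NS}}}{attr}"


# Permissions tied to signatures in the report. Many other dangerous permissions
# exist; this map is deliberately limited to what the report supports.
FLAGGED_PERMISSIONS = {
    "android.permission.WAKE_LOCK": "can hold the device awake (report: 'Acquires the wake lock')",
    "android.permission.RECEIVE_BOOT_COMPLETED": "can start on boot; common companion of scheduled tasks",
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
LAUNCHER_CATEGORY = "android.intent.category.LAUNCHER"

# Constructed manifest. Package name from the report's Processes section;
# component names (.MainActivity, .svc.Accessibility) are assumptions.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="discharge.postcard.laughing">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="BaniizKedra">
        <activity android:name=".MainActivity" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <service android:name=".svc.Accessibility" android:exported="true"
                 android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""


def triage_manifest(xml_text: str) -> Dict[str, object]:
    """Summarise the manifest declarations relevant to the report's signatures."""
    root = ET.fromstring(xml_text)
    permissions = [e.get(a("name")) for e in root.iter("uses-permission")]

    # A service is an accessibility service if it is bound with the system-only
    # BIND_ACCESSIBILITY_SERVICE permission or filters the accessibility action.
    accessibility_services: List[str] = []
    for svc in root.iter("service"):
        actions = {act.get(a("name")) for act in svc.iter("action")}
        if svc.get(a("permission")) == ACCESSIBILITY_BIND or ACCESSIBILITY_ACTION in actions:
            accessibility_services.append(svc.get(a("name")))

    # Launcher entries: an app that later hides its icon still declares one here.
    # The hiding typically happens at runtime via
    # PackageManager.setComponentEnabledSetting, so the manifest alone cannot
    # show it; runtime-registered broadcast receivers are likewise invisible here.
    launcher_activities: List[str] = []
    for comp in list(root.iter("activity")) + list(root.iter("activity-alias")):
        cats = {c.get(a("name")) for c in comp.iter("category")}
        if LAUNCHER_CATEGORY in cats:
            launcher_activities.append(comp.get(a("name")))

    return {
        "package": root.get("package"),
        "permissions": permissions,
        "flagged_permissions": {p: FLAGGED_PERMISSIONS[p] for p in permissions if p in FLAGGED_PERMISSIONS},
        "accessibility_services": accessibility_services,
        "launcher_activities": launcher_activities,
    }


if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

An accessibility service declaration is not malicious on its own (screen readers and automation tools need it), so treat it as a reason to look at the service's code and at the dynamic signatures above rather than as a verdict.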

Processes

  • discharge.postcard.laughing
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Performs UI accessibility actions on behalf of the user
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:5050

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/discharge.postcard.laughing/app_mph_dex/apk.manager-v1.rizal.xml

    Filesize

    7.1MB

    MD5

    0d3537e7d3e8f67095961747753fed34

    SHA1

    2abadf6ce7da1c6a30d20cf7201a355b0a677cc6

    SHA256

    afce0f84f7a803bd6ea10e0f9758d5fa31258211f1a3d4c67657603ef65dd40c

    SHA512

    640ddfeba4a2e9ae06ff2516cd5a906c4cb8dc7bda85d3e490f21ba06100fe65e2d0e2c524d413cb936062fa1188ea7de6d6e5422016d1997dade88fa227f48b

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-17.txt

    Filesize

    61B

    MD5

    ada9d3708037b4fdf3b6126f46fc4c87

    SHA1

    f940b3ba053479049f18aa9276a39515af9bbeca

    SHA256

    98b4b5736310ee3c951ebbbf2986516bc0ba923d575f5c657981ef2c26ff772c

    SHA512

    0350786f37af4b0abd59be2deeab1679031e800677eaa2691336bfbd50e05c5000ff3573e82fad28ba924a8bdc18402cf27363ec23a0630c061ee7ad52c1810a

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-17.txt

    Filesize

    41B

    MD5

    9b34035f49b41c6570eabd93938f6d9a

    SHA1

    431432361dd3deaa06eb8a7031da2b489fbf8f0e

    SHA256

    3eac71cedb99b42276a8c5efbe5f522b2db2f737c24cdafd0b8e233b66cd42cf

    SHA512

    3a73d0aad4d7c07ebe8101042c66827664a39a24eb449c94d7564c12911f0bfd361c374abb20366f458b83969898509726df4c3c9be95f3914b48799957b6d1a

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-17.txt

    Filesize

    29B

    MD5

    beeee0c05632c572484e90ff57994a29

    SHA1

    1ca5c1dc3b318b56162aa2eb49d43dd4cf2ae841

    SHA256

    a0962c700a11a232386ceac135e0343d6aca311ff0cceb75556e0c45fb8fc527

    SHA512

    caed1d80812a0eb2ec34e117d0424eabb4d2128fa58d5c77dda5fc25458a47cf43719d98a36d1f5007b22bc546a76f1531de4006d0e49807d697b43d0e4fefdc

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-17.txt

    Filesize

    280B

    MD5

    402f1ce63dd5b5c973de6c6fd51e02ea

    SHA1

    66babb8f8118bfae26485119edb674c7430a421f

    SHA256

    7b78f9bf68816ce90b2b9ffa221bbe639c13f7848f38c69c8acf2b7c79f4755f

    SHA512

    94be054c10e492901c0a20533a16d45bddec5d8681cab9ddaa432f99e9d7ff284cae318fa768001258c39f185eb2b30b218bed0d1e694b3d93f7e12c186aa551
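The "Loads dropped Dex/Jar" signature together with the 7.1MB file written under app_mph_dex with a .xml name suggests executable code stored under a non-code extension; the report itself does not state that file's real format, so treat this as an inference to confirm on the artefact. The Python below, an added example and not part of the sandbox output, sniffs file content for DEX, ZIP/JAR/APK and ELF magic and reports files whose extension disagrees with their content. The file contents are constructed (a minimal DEX header, a plain-text log, an XML preferences file, an ELF stub); only the two paths from the Downloads section are taken from the report.

```python
"""Find executable code stored under a non-code extension, as the dropped
'apk.manager-v1.rizal.xml' in app_mph_dex appears to be. Added example;
the file contents below are constructed, only two paths come from the report."""
import os
from typing import Dict, List, Tuple

DEX_VERSIONS = {b"035", b"037", b"038", b"039", b"040"}
CODE_TYPES = {"dex", "zip", "elf"}
CODE_EXTENSIONS = {".dex", ".odex", ".jar", ".apk", ".zip", ".so"}


def sniff(data: bytes) -> str:
    """Classify content by leading magic bytes rather than by file name."""
    if data[:4] == b"dex\n" and data[4:7] in DEX_VERSIONS and data[7:8] == b"\x00":
        return "dex"
    if data[:4] == b"PK\x03\x04":
        return "zip"   # JAR and APK files are ZIP containers
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:4] == b"\x03\x00\x08\x00":
        return "axml"  # compiled Android binary XML
    if data.lstrip()[:5] == b"<?xml":
        return "xml"
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "unknown"


def find_masquerading(files: Dict[str, bytes]) -> List[Tuple[str, str, str]]:
    """Return (path, extension, detected_type) for code hiding under another extension."""
    hits = []
    for path, data in files.items():
        kind = sniff(data)
        ext = os.path.splitext(path)[1].lower()
        if kind in CODE_TYPES and ext not in CODE_EXTENSIONS:
            hits.append((path, ext, kind))
    return hits


PKG_DIR = "/data/data/discharge.postcard.laughing"
SAMPLE_FILES: Dict[str, bytes] = {
    # Path from the report; content is a constructed 112-byte DEX header.
    f"{PKG_DIR}/app_mph_dex/apk.manager-v1.rizal.xml": b"dex\n035\x00" + b"\x00" * 104,
    # Path from the report; content constructed to resemble a small text log.
    "/storage/emulated/0/Config/sys/apps/log/log-2024-11-17.txt": b"2024-11-17 19:32:01 service started\n",
    # Constructed benign neighbours: a genuine XML file and a native library.
    f"{PKG_DIR}/shared_prefs/settings.xml": b"<?xml version='1.0' encoding='utf-8'?>\n<map/>\n",
    f"{PKG_DIR}/lib/libnative.so": b"\x7fELF" + b"\x00" * 60,
}


if __name__ == "__main__":
    for path, ext, kind in find_masquerading(SAMPLE_FILES):
        print(f"{kind} content under {ext or '(no extension)'}: {path}")
```

On a real device image, feed the scanner the first few hundred bytes of each file under the package's data directory; a hit there should then be hashed and compared with the SHA256 values listed above before it is treated as the payload the signature refers to.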