Overview

overview

10

Static

static

6

BaniizKedra (2).apk

windows7-x64

3

BaniizKedra (2).apk

windows10-2004-x64

3

BaniizKedra (2).apk

windows10-ltsc 2021-x64

3

BaniizKedra (2).apk

windows11-21h2-x64

3

BaniizKedra (2).apk

android-10-x64

10

BaniizKedra (2).apk

android-11-x64

10

BaniizKedra (2).apk

android-13-x64

10

BaniizKedra (2).apk

android-9-x86

10

BaniizKedra (2).apk

macos-10.15-amd64

4

BaniizKedra (2).apk

debian-12-armhf

BaniizKedra (2).apk

debian-12-mipsel

BaniizKedra (2).apk

debian-9-armhf

BaniizKedra (2).apk

debian-9-mips

BaniizKedra (2).apk

debian-9-mipsel

BaniizKedra (2).apk

ubuntu-18.04-amd64

BaniizKedra (2).apk

ubuntu-20.04-amd64

BaniizKedra (2).apk

ubuntu-22.04-amd64

BaniizKedra (2).apk

ubuntu-24.04-amd64

Analysis

  • max time kernel
    1799s
  • max time network
    1806s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    17-11-2024 19:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BaniizKedra (2).apk

  • Size

    5.4MB

  • MD5

    6a127ad272931ce3e1030ed1269087ac

  • SHA1

    69c36bb20d07217fc90ad0881296be236ce85d2a

  • SHA256

    34f9d74a7696be56b453e0af51eaca2188ec938d9e9b7eac94b5457bf4a3ea9a

  • SHA512

    d6b2f5e60040522abc4805431fa5634c13dddd86efd76ec342055c2dc819c422b74424624820c285bf462b814ca557c1a0f1a8398d8711f6005edb69aec331a9

  • SSDEEP

    98304:fKIKBRU4rZpxd2pOrO2jVuk1M24M4dlMr4ZNHDHUoWRfB:4xl3SOrOlk1L4lM0ZNHDH8B

Score
10/10
spynotebankercollectioncredential_accessevasionexecutioninfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

spynote

C2

5.42.92.219:7771

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

    bankertrojaninfostealerratspynote
  • Spynote family
    spynote
  • Spynote payload 1 IoCs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • discharge.postcard.laughing
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4363

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/discharge.postcard.laughing/app_mph_dex/apk.manager-v1.rizal.xml
    Filesize

    7.1MB

    MD5

    0d3537e7d3e8f67095961747753fed34

    SHA1

    2abadf6ce7da1c6a30d20cf7201a355b0a677cc6

    SHA256

    afce0f84f7a803bd6ea10e0f9758d5fa31258211f1a3d4c67657603ef65dd40c

    SHA512

    640ddfeba4a2e9ae06ff2516cd5a906c4cb8dc7bda85d3e490f21ba06100fe65e2d0e2c524d413cb936062fa1188ea7de6d6e5422016d1997dade88fa227f48b

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-17.txt
    Filesize

    41B

    MD5

    9b34035f49b41c6570eabd93938f6d9a

    SHA1

    431432361dd3deaa06eb8a7031da2b489fbf8f0e

    SHA256

    3eac71cedb99b42276a8c5efbe5f522b2db2f737c24cdafd0b8e233b66cd42cf

    SHA512

    3a73d0aad4d7c07ebe8101042c66827664a39a24eb449c94d7564c12911f0bfd361c374abb20366f458b83969898509726df4c3c9be95f3914b48799957b6d1a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-17.txt
    Filesize

    29B

    MD5

    beeee0c05632c572484e90ff57994a29

    SHA1

    1ca5c1dc3b318b56162aa2eb49d43dd4cf2ae841

    SHA256

    a0962c700a11a232386ceac135e0343d6aca311ff0cceb75556e0c45fb8fc527

    SHA512

    caed1d80812a0eb2ec34e117d0424eabb4d2128fa58d5c77dda5fc25458a47cf43719d98a36d1f5007b22bc546a76f1531de4006d0e49807d697b43d0e4fefdc

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-17.txt
    Filesize

    29B

    MD5

    5e8e1c96a3b4fb6ba16bb806dd1198a5

    SHA1

    a1692586aff6c79b064e69179a71161bc694d185

    SHA256

    d3f5ed8384d0ec4440aca101a6365cb1b43a8c5a853cd18b45061d9e35b9296c

    SHA512

    50273c6b5305bf99a76dd37e7bbf31fb8587e9dad2285dcd475fc9cd8c9b4476f38dd6a23502138917c850dec9e904cd23c324c930fb6e8ea5efd79a0633b6f2

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-17.txt
    Filesize

    260B

    MD5

    ac8cb28231c32af3995d227d667289f8

    SHA1

    57538cae038719c0001f679ea0b91deb4fe4ae0c

    SHA256

    a2ca59221c194dc9fbb1698767dc44b52c2fd90b8836733e16165a2f4dd1fd69

    SHA512

    852bfe0df49c621474d4172eba0c376d3cc6e8bc3fb2190ae4f42ba9514bef44963d74b94dd4565b97c618e6204e1cd4af163aa9651c42ace99d935bb57dabad

    Download Submit