spynote | 7c9731718738e645d8e81d394564f0c0a897545de64a83e0235d2b372eb9f6a1 | Triage

Sharing

General

Target

7c9731718738e645d8e81d394564f0c0a897545de64a83e0235d2b372eb9f6a1.bin
Size

760KB
Sample

241118-1y9cds1nbr
MD5

e58b6ee37916d241e6cb232ff508a7b8
SHA1

59fb5a9295abae874564ead095c59d37b8b9955e
SHA256

7c9731718738e645d8e81d394564f0c0a897545de64a83e0235d2b372eb9f6a1
SHA512

d36ca36f1d9579f3cf5e175537475c1b2ba95cffd554e30d033aac68f270e5d78b12c2b5ecc0885129e9fe8a3d49801cde1eb56aef3a1c9e619ecb3566b21a01
SSDEEP

12288:6+yFUa1a8LdeS/wZAXUG5WmpYshXZPbGwidNpg/:6+Va1a6eS8AXUG5WmD9idNpI

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

127.0.0.1:5037

Targets

- Target
  
  7c9731718738e645d8e81d394564f0c0a897545de64a83e0235d2b372eb9f6a1.bin
- Size
  
  760KB
- MD5
  
  e58b6ee37916d241e6cb232ff508a7b8
- SHA1
  
  59fb5a9295abae874564ead095c59d37b8b9955e
- SHA256
  
  7c9731718738e645d8e81d394564f0c0a897545de64a83e0235d2b372eb9f6a1
- SHA512
  
  d36ca36f1d9579f3cf5e175537475c1b2ba95cffd554e30d033aac68f270e5d78b12c2b5ecc0885129e9fe8a3d49801cde1eb56aef3a1c9e619ecb3566b21a01
- SSDEEP
  
  12288:6+yFUa1a8LdeS/wZAXUG5WmpYshXZPbGwidNpg/:6+Va1a6eS8AXUG5WmD9idNpI
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation