spynote | bb9b9a52ec647b0d60fb108afec38195547e83424847800c5b247b1227c6899f | Triage

Sharing

General

Target

bb9b9a52ec647b0d60fb108afec38195547e83424847800c5b247b1227c6899f.bin
Size

760KB
Sample

241123-1y1p9avpcr
MD5

7c2287f00ba2f133e98a55eeb46e685e
SHA1

df4230347b10f2dd3eeb35041ee71960689ca6d5
SHA256

bb9b9a52ec647b0d60fb108afec38195547e83424847800c5b247b1227c6899f
SHA512

52f0984daff3264e017d87f8a195da6702432382c5d887230134bb0bee3168ea92648cd62e54162d80ab336a30755567f25903de9cda95c8d31f7b95f942a617
SSDEEP

12288:p173a1a8Lde3Mys1dw5WmpYshXZPbGwidNpgE:pta1a6e3Ls1dw5WmD9idNpL

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

192.168.0.102:4444

Targets

- Target
  
  bb9b9a52ec647b0d60fb108afec38195547e83424847800c5b247b1227c6899f.bin
- Size
  
  760KB
- MD5
  
  7c2287f00ba2f133e98a55eeb46e685e
- SHA1
  
  df4230347b10f2dd3eeb35041ee71960689ca6d5
- SHA256
  
  bb9b9a52ec647b0d60fb108afec38195547e83424847800c5b247b1227c6899f
- SHA512
  
  52f0984daff3264e017d87f8a195da6702432382c5d887230134bb0bee3168ea92648cd62e54162d80ab336a30755567f25903de9cda95c8d31f7b95f942a617
- SSDEEP
  
  12288:p173a1a8Lde3Mys1dw5WmpYshXZPbGwidNpgE:pta1a6e3Ls1dw5WmD9idNpL
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation