spynote | b93be3c94c2c3955d41ccf5cdc455fbe38100784d1db6e642e23ca3e3a6e01e7 | Triage

Sharing

General

Target

cheat (1).apk
Size

4.6MB
Sample

241124-vhpedswjfn
MD5

7f0ade62ea3dfafdc6b67f58cf91de99
SHA1

8f874745ee648c116477ec8dc25d4a1f5cc54a2f
SHA256

b93be3c94c2c3955d41ccf5cdc455fbe38100784d1db6e642e23ca3e3a6e01e7
SHA512

814126b46cbda5980fc4f9767f6ec4e7332f5be95fc6a9115f014f39c95ba170e9ca3eb079d3352c349546d9e591901271c88ec9a909aad9503f66729a50e888
SSDEEP

98304:OrYoIO3SdOPY9si9zB6mVNj5jKamz1qzB+TH0tOEqkl:OrYoIeSYJi9zB6mVp6z1jYZH

Score

10^/10

spynote android collection credential_access evasion execution persistence

Malware Config

Targets

- Target
  
  cheat (1).apk
- Size
  
  4.6MB
- MD5
  
  7f0ade62ea3dfafdc6b67f58cf91de99
- SHA1
  
  8f874745ee648c116477ec8dc25d4a1f5cc54a2f
- SHA256
  
  b93be3c94c2c3955d41ccf5cdc455fbe38100784d1db6e642e23ca3e3a6e01e7
- SHA512
  
  814126b46cbda5980fc4f9767f6ec4e7332f5be95fc6a9115f014f39c95ba170e9ca3eb079d3352c349546d9e591901271c88ec9a909aad9503f66729a50e888
- SSDEEP
  
  98304:OrYoIO3SdOPY9si9zB6mVNj5jKamz1qzB+TH0tOEqkl:OrYoIeSYJi9zB6mVp6z1jYZH
Score

7^/10

collection credential_access evasion execution persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Requests enabling of the accessibility settings.
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessevasionexecutionpersistence