spynote | ef7a3cb0b7dacaa9ac1789020cad088605f71e95f2e466422e387b2dd1fe6ad9 | Triage

Sharing

General

Target

Payload.apk
Size

770KB
Sample

241125-14z1xayphs
MD5

26bc6867474b1d9467b1ecbb1bd35b3a
SHA1

904061991a72c74b95b8ada947be5fe72503f98e
SHA256

ef7a3cb0b7dacaa9ac1789020cad088605f71e95f2e466422e387b2dd1fe6ad9
SHA512

4ebb5ca2ee360c2857809344b311d13a522b22aed947539672fe73cac2abbaeba6ee9dd138e411811692101834a03e2e860e7452959bb3ee8e71dcccdea1e355
SSDEEP

12288:U5WmpYshXZPbGwidNpgCAzYbvVno3EGB6boQNR:U5WmD9idNp/AzYbK3EGIoQ3

Score

10^/10

spynote android banker discovery evasion persistence

Malware Config

Extracted

Family

spynote

C2

192.168.1.39:7744

Targets

- Target
  
  Payload.apk
- Size
  
  770KB
- MD5
  
  26bc6867474b1d9467b1ecbb1bd35b3a
- SHA1
  
  904061991a72c74b95b8ada947be5fe72503f98e
- SHA256
  
  ef7a3cb0b7dacaa9ac1789020cad088605f71e95f2e466422e387b2dd1fe6ad9
- SHA512
  
  4ebb5ca2ee360c2857809344b311d13a522b22aed947539672fe73cac2abbaeba6ee9dd138e411811692101834a03e2e860e7452959bb3ee8e71dcccdea1e355
- SSDEEP
  
  12288:U5WmpYshXZPbGwidNpgCAzYbvVno3EGB6boQNR:U5WmD9idNp/AzYbK3EGIoQ3
Score

7^/10

banker discovery evasion persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdiscoveryevasionpersistence