spynote | 1de8041113af1f186b8da5f4c6f35073b717fda160c23050cea7d0d138492b6d | Triage

Sharing

General

Target

ready.apk
Size

684KB
Sample

241125-19nvtswmgl
MD5

6e2e4c52ca8deaed5509dd249a930d37
SHA1

d18a1618729576e8422f7de601d381bbe2513503
SHA256

1de8041113af1f186b8da5f4c6f35073b717fda160c23050cea7d0d138492b6d
SHA512

7828719e1f66656be40878331b6ea192246d6512d7efa729a487110ca404c42cd5f71ea2de038709131ae82f1ac44ef21d03569799fada1a90465e739a80613e
SSDEEP

12288:/X7K04GzY/KCgaF6SFjHo/GUCuju5FrXsjPusT3cgtN0FBmj6Rq21TgvstWD//0://zY/KCtF6SF7o3XSXrXsjPHT3SFBmjS

Score

10^/10

spynote android collection credential_access discovery evasion impact persistence

Malware Config

Extracted

Family

spynote

C2

127.0.0.1:8888

Targets

- Target
  
  ready.apk
- Size
  
  684KB
- MD5
  
  6e2e4c52ca8deaed5509dd249a930d37
- SHA1
  
  d18a1618729576e8422f7de601d381bbe2513503
- SHA256
  
  1de8041113af1f186b8da5f4c6f35073b717fda160c23050cea7d0d138492b6d
- SHA512
  
  7828719e1f66656be40878331b6ea192246d6512d7efa729a487110ca404c42cd5f71ea2de038709131ae82f1ac44ef21d03569799fada1a90465e739a80613e
- SSDEEP
  
  12288:/X7K04GzY/KCgaF6SFjHo/GUCuju5FrXsjPusT3cgtN0FBmj6Rq21TgvstWD//0://zY/KCtF6SF7o3XSXrXsjPHT3SFBmjS
Score

7^/10

collection credential_access discovery evasion impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries the mobile country code (MCC)
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Input Injection

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Input Capture

GUI Input Capture

Keylogging

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionimpactpersistence