General

  • Target

    ready_Dropper signed.apk

  • Size

    5.4MB

  • Sample

    241125-tmlnma1nhn

  • MD5

    d6f30ed41d571152ff54caea0b89894f

  • SHA1

    e0c7a684ea7b9721a4dab74125521d3ee702a508

  • SHA256

    fd2047f16b7441320c8494d9bcd45ef122d984478e120bede8ae5f0ddb42b206

  • SHA512

    6c724aaebdbab53b865a72be7e09e59e53e2e69a52269ab2c641b84a0656e1838dce7881d2eecdab949442c3ee702779eea01453907970d47a4967edd2975209

  • SSDEEP

    98304:ab/6jA2/822LF8h83ysgY2E+fM1jHsFazcBdNcOjLKY+gH6Ve9sjbNXzq/UmTcC0:+6j52ih83nD+fs7lz+fZLCDq/XTcCucU

Malware Config

Targets

    • Target

      ready_Dropper signed.apk

    • Size

      5.4MB

    • MD5

      d6f30ed41d571152ff54caea0b89894f

    • SHA1

      e0c7a684ea7b9721a4dab74125521d3ee702a508

    • SHA256

      fd2047f16b7441320c8494d9bcd45ef122d984478e120bede8ae5f0ddb42b206

    • SHA512

      6c724aaebdbab53b865a72be7e09e59e53e2e69a52269ab2c641b84a0656e1838dce7881d2eecdab949442c3ee702779eea01453907970d47a4967edd2975209

    • SSDEEP

      98304:ab/6jA2/822LF8h83ysgY2E+fM1jHsFazcBdNcOjLKY+gH6Ve9sjbNXzq/UmTcC0:+6j52ih83nD+fs7lz+fZLCDq/XTcCucU

    • Score

      1/10

    • Target

      childapp.apk

    • Size

      9.4MB

    • MD5

      01842aca095a8fdc93c4a3681c75d9e4

    • SHA1

      e3ff478a33bdd604b140a07528024e4253d10e84

    • SHA256

      1bbc6b11bd559daabb6ab2554e558d3a7b746aabd96976b69dfa18f5a8392bc2

    • SHA512

      e174a42f065d968f4ba392b6a58448ea788cfd5a7b1beb5f05f288484d328419fda49ba51e0545a77e667b16a3d12a3ca5ba521d5e8edbdcb86e8cee8a37cbae

    • SSDEEP

      98304:iUU23+m68n0Xb7uBNpDa410CBQKenATQmzFNzB5TD0tokBfkS:423+Vr7crDX5vzFBMT7

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks