spynote | 5317594a61f72a00ad948d32b98747c6cd8aeabf7c2755e9763c9803e0524485 | Triage

Sharing

General

Target

5317594a61f72a00ad948d32b98747c6cd8aeabf7c2755e9763c9803e0524485.bin
Size

770KB
Sample

241126-11m7yaskfw
MD5

70a55d84829510715105212032ce67d4
SHA1

be7bd9b891e53146425fb493e24534f69596ecd1
SHA256

5317594a61f72a00ad948d32b98747c6cd8aeabf7c2755e9763c9803e0524485
SHA512

79f950510e18ed93ac16f4d2d7ea2205590633d3c3af54f6997b172470534c18ef268e981f1cf4adc4ed4bfc3dcd9cd531cc5c45b132f70965079d9b8063c798
SSDEEP

12288:Q/ka1a8Lze2TEz4TbVz5WmpYshXZPbGwidNpga:Na1ame2TC4TbVz5WmD9idNpp

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

192.168.10.3:2221

Targets

- Target
  
  5317594a61f72a00ad948d32b98747c6cd8aeabf7c2755e9763c9803e0524485.bin
- Size
  
  770KB
- MD5
  
  70a55d84829510715105212032ce67d4
- SHA1
  
  be7bd9b891e53146425fb493e24534f69596ecd1
- SHA256
  
  5317594a61f72a00ad948d32b98747c6cd8aeabf7c2755e9763c9803e0524485
- SHA512
  
  79f950510e18ed93ac16f4d2d7ea2205590633d3c3af54f6997b172470534c18ef268e981f1cf4adc4ed4bfc3dcd9cd531cc5c45b132f70965079d9b8063c798
- SSDEEP
  
  12288:Q/ka1a8Lze2TEz4TbVz5WmpYshXZPbGwidNpga:Na1ame2TC4TbVz5WmD9idNpp
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscovery

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation