General

  • Target

    cd47f6ef0a47514658730d0e49157eeeec7c7fe530f6c971b28ff50da75dadc4.bin

  • Size

    760KB

  • Sample

    241128-1ys1eaxrel

  • MD5

    03c3bb8ed2cf2de875eda8fdd2846c72

  • SHA1

    53a3f04e447371f2a6f7a7932758f125bb3f9fe7

  • SHA256

    cd47f6ef0a47514658730d0e49157eeeec7c7fe530f6c971b28ff50da75dadc4

  • SHA512

    06bf6f10ea08a967c0ff5373bc9b7481790edfac838326b6c01eadfc1e2d70bdaddffa9426398f0c21134be96c7164bdb5fb7e980f0c8c71fe0aa02efbf9fffd

  • SSDEEP

    12288:v5F55a1a8LreI1CQwIZh5WmpYshXZPbGwidNpgP:vDa1a2eIxwIZh5WmD9idNp8

Malware Config

Extracted

Family

spynote

C2

192.168.1.99:1080

Targets

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks