spynote | dbf32f8c2f93963373dabcc455029d1dbf1388019e50a681a4a4d75c9fe6072a | Triage

Sharing

General

Target

ready.apk
Size

38.9MB
Sample

241128-cf9nfawpdr
MD5

82b614de8c5623c9e46194f1d155016e
SHA1

3d22abb31a546f14e9171d0b0ac9f291ca627ec7
SHA256

dbf32f8c2f93963373dabcc455029d1dbf1388019e50a681a4a4d75c9fe6072a
SHA512

4b783d8ef4d0b9574b8aa34fcd2b490263d6d01e9fc126668c52b57ba89fb8c2f562baa70ba18e701d2c1c57e1a10de10c9d8d50d05205b2fe50c66a689e46b8
SSDEEP

49152:AhL0S2yoyxw1l436LZ2wZlybbZXfv/6ImzpzdGGjQTOCMUkYqb0cgxsGwikC/:Qlxw1l436g/ZPvCImzpzBkTs0txsa/

Score

10^/10

spynote android collection credential_access discovery evasion execution persistence stealth trojan

Malware Config

Extracted

Family

spynote

C2

192.168.1.214:7771

Targets

- Target
  
  ready.apk
- Size
  
  38.9MB
- MD5
  
  82b614de8c5623c9e46194f1d155016e
- SHA1
  
  3d22abb31a546f14e9171d0b0ac9f291ca627ec7
- SHA256
  
  dbf32f8c2f93963373dabcc455029d1dbf1388019e50a681a4a4d75c9fe6072a
- SHA512
  
  4b783d8ef4d0b9574b8aa34fcd2b490263d6d01e9fc126668c52b57ba89fb8c2f562baa70ba18e701d2c1c57e1a10de10c9d8d50d05205b2fe50c66a689e46b8
- SSDEEP
  
  49152:AhL0S2yoyxw1l436LZ2wZlybbZXfv/6ImzpzdGGjQTOCMUkYqb0cgxsGwikC/:Qlxw1l436g/ZPvCImzpzBkTs0txsa/
Score

8^/10

collection credential_access discovery evasion execution persistence stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Hide Artifacts

Suppress Application Icon

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

behavioral2

collectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

behavioral3

collectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan