Overview

overview

10

Static

static

10

SpyNote_v6...pi.dll

windows7-x64

1

SpyNote_v6...pi.dll

windows10-2004-x64

1

SpyNote_v6...6.html

windows7-x64

3

SpyNote_v6...6.html

windows10-2004-x64

3

SpyNote_v6...2.html

windows7-x64

3

SpyNote_v6...2.html

windows10-2004-x64

3

SpyNote_v6...9.html

windows7-x64

3

SpyNote_v6...9.html

windows10-2004-x64

3

SpyNote_v6...SM.dll

windows7-x64

1

SpyNote_v6...SM.dll

windows10-2004-x64

1

SpyNote_v6...SL.exe

windows7-x64

1

SpyNote_v6...SL.exe

windows10-2004-x64

1

apktool/apktool.bat

windows7-x64

1

apktool/apktool.bat

windows10-2004-x64

1

apktool/apktool.jar

windows7-x64

1

apktool/apktool.jar

windows10-2004-x64

1

apktool/signapk.jar

windows7-x64

1

apktool/signapk.jar

windows10-2004-x64

1

SpyNote_v6...ub.apk

android-9-x86

SpyNote_v6...ub.apk

android-10-x64

SpyNote_v6...ub.apk

android-11-x64

SpyNote_v6...va.jar

windows7-x64

1

SpyNote_v6...va.jar

windows10-2004-x64

1

SpyNote_v6...sS.exe

windows7-x64

1

SpyNote_v6...sS.exe

windows10-2004-x64

1

platform-t...pi.dll

windows7-x64

3

platform-t...pi.dll

windows10-2004-x64

3

platform-t...pi.dll

windows7-x64

3

platform-t...pi.dll

windows10-2004-x64

3

platform-t...db.exe

windows7-x64

3

platform-t...db.exe

windows10-2004-x64

3

platform-t...mp.exe

windows7-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SpyNote_v6.4.rar

  • Size

    22.0MB

  • Sample

    241129-vwy6raxndx

  • MD5

    84325e47432141d8440127bce6b974d0

  • SHA1

    3ffa30171e6d57af803b6fae0f8b35559bc45274

  • SHA256

    71ce71735aa47a3b1d17e1b6639aaf6213b4c284243ad5ae7bb36fa1c5c9975f

  • SHA512

    701f3573be8634d5a10d72935be0ae9a1929804e1f16634bc3ed104c1e863df14456a5b7ffb62a0c7612db506017ad672ed447ee6bd2dbf81af88caf840ae03e

  • SSDEEP

    393216:KTkHSGrRzx7bynxYnMHcBNvUqvvDY4gXX9w+ijU0UkL20tzPt/OGtgwGIR46mrn:KQHSqomnM8BNvnNga+KU0zp//RxmL

Score
10/10
spynoteandroiddiscovery

Malware Config

Extracted

Family

spynote

C2

[SPY_NOTE_HOST_OK]:[SPY_NOTE_PORT_OK]

Targets

    • Target

      SpyNote_v6.4/CoreAudioApi.dll

    • Size

      24KB

    • MD5

      6a009b7c4b252788d80d4e40adcf51ce

    • SHA1

      9302cd4f00fa70b768feec2a49505052cd4bd13e

    • SHA256

      df6115987161ee1238f9564bd10c998d9016f582e5b7b9d23d21a74d6955bdd3

    • SHA512

      7a27bc38249b293fbfb9389cac3365bf64e9536281c347939192e6b151b4e574bd9743df81721dc4e6beca0ab0a5784436b7f7bff780fdddef4c7c26b02cc354

    • SSDEEP

      384:JGuIVn86+5zUH4RmcBoZhn9ipvNeFSAucqmPBJGbsw3uiIx5L5gV:CVn86YzgoW0VNeFS0Tbw3up5tgV

    Score
    1/10
    behavioral1behavioral2

    • Target

      SpyNote_v6.4/Resources/Clients/KingB_354051091211537/Settings/2021-11-9--11-07-16.html

    • Size

      5KB

    • MD5

      ebbd85872881ea5b9062e582425e133b

    • SHA1

      dbe89aabc9f3330205893c1e81e4f75a4adaa253

    • SHA256

      c403aca8d1faf420dec4ce43fc27e8f5e980cc68619c79265a555227ab6c0f6b

    • SHA512

      836edded1673c5a508d28fabaf970e098c0237177cacb901a5c95cccd641b1c8726ea7aa7fb77fb20a08b9b41e096eaf4bded8065afb90e35b5ba2e7444fe498

    • SSDEEP

      48:yfUp0WhAx1FYVFdFqxyyTaqgD6FT1hg7tT/fd1/ha1B5dNM121H7/B9sWVYP0u1N:qRFAwO96Fuf6/HWP5RnjefI

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      SpyNote_v6.4/Resources/Clients/Vicitim_354051091211537/Apps/2021-27-9--17-10-52.html

    • Size

      9KB

    • MD5

      6a9f214598268f6b9754d0c6b3c29cfd

    • SHA1

      80858e5c88c4f875a03879eeb7f427e4c63f0981

    • SHA256

      70cb40871f1ca0e710697d82ae1d48d4236ef4d82ac4af897558a6397baa0748

    • SHA512

      56d9f796aa974a612486454ac0e7d1218ddbaf06447f85c1cb62efc943346adf71d98d5026ab54bff88cd087155a0b008f73be290808a350538e0e78a1e7026d

    • SSDEEP

      96:qa3FAwO96Fuf6/aFdAy7hLp209NSTWd3hC3CYvFrGSpI:qa39QmTH3CYvI

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      SpyNote_v6.4/Resources/Clients/Vicitim_354051091211537/Settings/2021-27-9--17-12-59.html

    • Size

      5KB

    • MD5

      c8c8fcd405c8a96e90410aa1db93cffa

    • SHA1

      4f10edb9c46052cf4f8561fae3f39c2280db10de

    • SHA256

      2e019c102d5f2eaf9a3ab532422428e3a281fba275151910f731e21d87995a62

    • SHA512

      fe51e7bfb9ce47762eb6a1cfdbc13578dadcc5b1364c740ef93be76d1958a42768e1590a97fb4514d5242d2c8a136b9561ffeec09e1241b007575527b4940c3f

    • SSDEEP

      48:yfUpWR3WhAx1FYVFdFqxyyTaqgD6FT1hg7tT/fd1/ha1B5dNM121H7/B9sWVYP0W:qD3FAwO96Fuf6/HWP5RhYefd

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      SpyNote_v6.4/Resources/Imports/Gsm/GSM.dll

    • Size

      5KB

    • MD5

      c4ceacedf5310a761b828bed9f7dbc62

    • SHA1

      f2c4c23d1c04df3899bc0a1e1812eca8f421fbb1

    • SHA256

      61b0ca29ce7a62932699f33c272fd6d3731a1430ac3455b7a240b01ae461370f

    • SHA512

      58c42d60a28c6e344060242e77cc841ba1a892cb8b9d5dae02c8f9b2e4c1deeebb599e6a1c401a3c585eb44c28d9c72b2ee56be273169af1d52850e426a1da32

    • SSDEEP

      96:Vuyz+/KPV+gzlmtrLPfdHOzHFu90rdjF:5z+m9ELPfdHH90H

    Score
    1/10
    behavioral10behavioral9

    • Target

      SpyNote_v6.4/Resources/Imports/Payload/SL.exe

    • Size

      1.5MB

    • MD5

      f6a422a88819ddbea39c40a28fbdd307

    • SHA1

      710fdbbd3d6f273bdc05bf4c3a0146b0142ad71e

    • SHA256

      ebabf22b419f6a4b1fde570999f5871fb4f0552f4a97629f6ebf02edd33b8a2b

    • SHA512

      42c6f6e92d0c3ec764017c69e1c52ced65944b45782b72ce586d4203acbbf39affb267a16314c30ec146cb8710c0e151c3db2a851100b8cf7bbcf800dbde3051

    • SSDEEP

      768:rKSAOfhZXvSzjWKDIp93ZZwpZpTQdBHiF7QHsIMd3uDxZuFs+mg:9rfhZXvSzjWb5wz16S7l9eDxZuv

    Score
    1/10
    behavioral11behavioral12

    • Target

      apktool/apktool.bat

    • Size

      135B

    • MD5

      b02966b106045115fa8ef94a4e67537b

    • SHA1

      f901df8bbfe8fe50e560e625a27da1c6c4f0e9b3

    • SHA256

      3d8108beb40535e68e7f6421a4309408ea5efab91707fa25d862154e3cc9b6df

    • SHA512

      6274a4568285c74985b095d1dd5649044b61cb7c372dc4653c62a2b92833df477f5a5453be0e598622918b4e6c27064a57e5fba1a657dd064e6d9598fe2f94cc

    Score
    1/10
    behavioral13behavioral14

    • Target

      apktool/apktool.jar

    • Size

      8.9MB

    • MD5

      a15507953bd9b89c2d6570f46fb1f774

    • SHA1

      261a8e68c72b0ebf70894c40b3c35176a66d86fe

    • SHA256

      0e543660bf2d16fe7c543d4034ef505a6ddccb883416c8aa68d1a1d779b057f2

    • SHA512

      eb519a94a4aecc1358f4a1cc84e03c772d8b59edf8b5e37956a756f0cc2673c5d9d976ad6796543db74cf187763077b4bbcd0519e7f7be845c0e9874d4862353

    • SSDEEP

      196608:lIkbXnl3I3rmGQFTbuGzuJVzNfaTWkxQcGhiO:lIw+mGyTNzuJNkTWk0

    Score
    1/10
    behavioral15behavioral16

    • Target

      apktool/signapk.jar

    • Size

      7KB

    • MD5

      aec6985fe2314e4d032ba6d192ac4163

    • SHA1

      b16f006e7bf509add528f4b9a075ca373d531203

    • SHA256

      b17534e89a5b58d5e343ba54a49da579cf9213988f4beeae24fe4582a0c226bb

    • SHA512

      5347fb296f87fb71046e0fd261a495485254ed7bd6d68da3aebb346267e5bc14ad8a89aa5496b31b2bf0da35b8c7c4cbbf71ace977443f09ecdbe50e1288bcea

    • SSDEEP

      192:20AfGZ6TJSM/+Lz2dBM8ZRSvdrGanQRSHFzJ:dj6tof2nMySvldT

    Score
    1/10
    behavioral17behavioral18

    • Target

      SpyNote_v6.4/Resources/Imports/Payload/stub.apk

    • Size

      730KB

    • MD5

      0c0290abde03555f3c66c81eba860a3d

    • SHA1

      939a8e6d0ed4bd8c9f491405ecf069df7bddb7cc

    • SHA256

      7b20a276931c8625b39ebc46017c7e4d4a7bdf319b9f451231d777b078b0cd6a

    • SHA512

      441922d41856ec246d1cb29e3b290b62b2d3bc4ca54f896af1df72263e67a320f1b3b85f4d5bd129fa32b4633a1b9f74a63783791f1ea1cb1ca97a8a26b8ea48

    • SSDEEP

      12288:CJc+EIBvAvcKIth8eGz3zaR9QHqd8gmw+/goe13VvqX:CJc+EIO0K4KeGTzaR+imz/goeHvqX

    Score
    1/10
    behavioral19behavioral20behavioral21

    • Target

      SpyNote_v6.4/Resources/Imports/PlayerJava/PlayerJava.jar

    • Size

      3KB

    • MD5

      d9c23d7574c0d886321dcd029e463f2c

    • SHA1

      7fad47eb6860a01325c6d526a43d9bbadb66aff7

    • SHA256

      e22d8a06415f21b900a9a079a6a7928d6c84d2cf33aa07c6ad385dfbbfcd55ed

    • SHA512

      c32c019fb0bacbd70441cf3ed769bfde9597389f840ff8511db36586756382ef22bd163a7b7cb9e258a4b7a896e5d1a606d92513a141cb2e3c6e421a66ecb316

    Score
    1/10
    behavioral22behavioral23

    • Target

      SpyNote_v6.4/Resources/Imports/T/sS.exe

    • Size

      20KB

    • MD5

      90c145d34b8ac338e099f062bf5d86c0

    • SHA1

      d8518776439fd67f9e4d1b5441a96b5cb783d2b1

    • SHA256

      60cb176777a21fa10359afff9d48766ee84d50d7d2f06a5047fe84106fe07626

    • SHA512

      07694ca2c05b3c8932ddc17920dfd05e58e1f435b468f5f896a4dc0d0c5688fb1217140515a497fe8a10a1cb30b135fd9ac928125f7602218b1588e7a9363a73

    • SSDEEP

      384:sOaTt8CNVFW6qh/M+z/QunGLS9tLEO2a0R72t465i:stTBVzqO+z9SZRSt465i

    Score
    1/10
    behavioral24behavioral25

    • Target

      platform-tools/AdbWinApi.dll

    • Size

      95KB

    • MD5

      ed5a809dc0024d83cbab4fb9933d598d

    • SHA1

      0bc5a82327f8641d9287101e4cc7041af20bad57

    • SHA256

      d60103a5e99bc9888f786ee916f5d6e45493c3247972cb053833803de7e95cf9

    • SHA512

      1fdb74ee5912fbdd2c0cba501e998349fecfbef5f4f743c7978c38996aa7e1f38e8ac750f2dc8f84b8094de3dd6fa3f983a29f290b3fa2cdbdaed691748baf17

    • SSDEEP

      1536:Jwqdq+3pvspmLh8SCykrpTG7kfGHuNezq02XJqo+iFi1yCP:JwqD3L8Tezq0et+ui1y

    Score
    3/10
    discovery
    behavioral26behavioral27

    • Target

      platform-tools/AdbWinUsbApi.dll

    • Size

      61KB

    • MD5

      0e24119daf1909e398fa1850b6112077

    • SHA1

      293eedadb3172e756a421790d551e407457e0a8c

    • SHA256

      25207c506d29c4e8dceb61b4bd50e8669ba26012988a43fbf26a890b1e60fc97

    • SHA512

      9cbb26e555ab40b019a446337db58770b9a0c9c08316ff1e1909c4b6d99c00bd33522d05890870a91b4b581e20c7dce87488ab0d22fc3c4bbdd7e9b38f164b43

    • SSDEEP

      1536:l72doFmOiHizFbPlspcsbj5ZsP+YeTs1p:lSSfN9+YeTs1p

    Score
    3/10
    discovery
    behavioral28behavioral29

    • Target

      platform-tools/adb.exe

    • Size

      1.7MB

    • MD5

      884242fb6cbbec1f7711b946ef669e0e

    • SHA1

      7b2bc3c03909e705da759b7c21907683db668cc5

    • SHA256

      65210cb4139672b53acaa2222b1005d036b0b02c437aa47e0e7b616fab0e2f6f

    • SHA512

      c73ed5875dd0a3f0c400794a10336b00602950fa3ff6fb99ce9a772681fb8c5237c5c3cba2d0b7d254e497383d634d3a97342039cc40d295f262c583d0839768

    • SSDEEP

      49152:WyM2dKh9Z/8qaQqBwYNapOdJmUUXPB2DhmRz:dZsh9Z/8pQqBwYNapOdJmUUBRz

    Score
    3/10
    discovery
    behavioral30behavioral31

    • Target

      platform-tools/dmtracedump.exe

    • Size

      142KB

    • MD5

      41f6a72f1a9e3d63be1839edc1e96e1f

    • SHA1

      e6b811bbe6986937e7991c6e7b8cf0e564cbc075

    • SHA256

      f9a239882c548d303e7286e2c34a22f694bbc41499dcd762e9af2fde49540637

    • SHA512

      9409e586b083099e041b962c65a10f362886f919fd1a2c926846ba8650e228551ba8bf108d5779b98bd2997e3881370df6141080aeca186b83fcedf3127737f3

    • SSDEEP

      1536:DqyWSNJKj1DjfWK7oK3Gi4iPWatziN8SUDwH3WchEpbWtdmyKY1togmUgzH:DDy1OM3GiLeaHt3patdmFY1togmUgzH

    Score
    1/10
    behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

spynote
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

Score
1/10