General

  • Target

    0552137aaa2c9419c8843d50bcb15a4c80913ed47eb71c5e5ab9b5ac257944ed.bin

  • Size

    868KB

  • Sample

    241205-1xp75azqfp

  • MD5

    fd1bd9dc023f3641ad34ea7690d46d1b

  • SHA1

    fb74c62100f11e3ba958b65bdf3b9d4aaf9e60a5

  • SHA256

    0552137aaa2c9419c8843d50bcb15a4c80913ed47eb71c5e5ab9b5ac257944ed

  • SHA512

    191d09fe5c9919c9c454265b9c38eefae01890affcf298449139cdc9631887d002127ea1c4dfea83ceed0eeac68862541ecd14ff9ad2faa4f1ea2bbb54b0a748

  • SSDEEP

    24576:mffa1a2e5pvbOfs6aU8Q55WmD9idNpMJx:6a1aVpC7fWk0d/m

Malware Config

Extracted

Family

spynote

C2

182.191.122.219:8855

Targets

    • Target

      0552137aaa2c9419c8843d50bcb15a4c80913ed47eb71c5e5ab9b5ac257944ed.bin

    • Removes its main activity from the application launcher (hides the app icon, typically by disabling the launcher activity component, so the user has no obvious way to find or uninstall it from the app drawer)

    • Queries a list of all the installed applications on the device (might be used to select legitimate apps to overlay with phishing screens)

    • Makes use of the framework's foreground persistence service

      The application may abuse a foreground service, with its persistent notification, to keep running and avoid being killed under the system's background-execution limits.
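
The following static-triage script is an added example and is not part of the sandbox report or the SpyNote family itself. It takes the indicators the report gives (SHA-256, C2 `182.191.122.219:8855`) and checks a decoded APK's manifest and a `strings` dump of `classes.dex` for the artifacts that usually underlie the three behaviours flagged above: `setComponentEnabledSetting` for launcher-icon hiding, `getInstalledApplications`/`getInstalledPackages` or the `QUERY_ALL_PACKAGES` permission for app enumeration, and `FOREGROUND_SERVICE` plus `startForeground` for foreground persistence. The manifest and string list in the block are constructed for illustration; they are not extracted from this sample, and the function names are the example's own.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Attribute namespace used by AndroidManifest.xml (element names are not namespaced).
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Indicators taken from the report.
IOC_SHA256 = "0552137aaa2c9419c8843d50bcb15a4c80913ed47eb71c5e5ab9b5ac257944ed"
IOC_C2 = "182.191.122.219:8855"

# Constructed, hypothetical manifest (decoded, e.g. by apktool). NOT the sample's manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.hypothetical">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".PersistService" android:foregroundServiceType="dataSync"/>
  </application>
</manifest>"""

# Constructed, hypothetical string dump as `strings classes.dex` might emit. NOT from the sample.
SAMPLE_DEX_STRINGS = [
    "Landroid/content/pm/PackageManager;",
    "setComponentEnabledSetting",   # used to disable the launcher activity (icon hiding)
    "getInstalledApplications",     # enumerates installed apps
    "startForeground",              # promotes the service to a foreground service
    "182.191.122.219:8855",         # the reported C2
]

IPV4_PORT = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}$")


def parse_c2(c2):
    """Split a 'host:port' C2 string into (host, port); rejects anything not IPv4:port."""
    if not IPV4_PORT.match(c2):
        raise ValueError("not an IPv4:port string: " + c2)
    host, port = c2.rsplit(":", 1)
    return host, int(port)


def file_sha256(data):
    return hashlib.sha256(data).hexdigest()


def matches_ioc(data, expected=IOC_SHA256):
    return file_sha256(data) == expected


def manifest_indicators(xml_text):
    """Pull permissions, launcher activities and services out of a decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    launcher_activities = []
    for act in root.iter("activity"):
        for filt in act.iter("intent-filter"):
            cats = {c.get(ANDROID_NS + "name") for c in filt.iter("category")}
            if "android.intent.category.LAUNCHER" in cats:
                launcher_activities.append(act.get(ANDROID_NS + "name"))
    return {
        "foreground_service_permission": "android.permission.FOREGROUND_SERVICE" in perms,
        # QUERY_ALL_PACKAGES is only required on API 30+; older targets enumerate without it.
        "query_all_packages": "android.permission.QUERY_ALL_PACKAGES" in perms,
        "launcher_activities": launcher_activities,
        "services": [s.get(ANDROID_NS + "name") for s in root.iter("service")],
    }


def dex_string_indicators(strings):
    """Map API names found in the dex string table to the report's behaviours."""
    s = set(strings)
    return {
        "hides_launcher_icon": "setComponentEnabledSetting" in s,
        "enumerates_installed_apps": bool(s & {"getInstalledApplications", "getInstalledPackages"}),
        "foreground_service": "startForeground" in s,
        "c2_candidates": sorted(x for x in s if IPV4_PORT.match(x)),
    }


def triage(manifest_xml, dex_strings, known_c2=IOC_C2):
    """Return the report-style findings supported by the manifest and dex strings."""
    m = manifest_indicators(manifest_xml)
    d = dex_string_indicators(dex_strings)
    findings = []
    if m["launcher_activities"] and d["hides_launcher_icon"]:
        findings.append("Removes its main activity from the application launcher")
    if m["query_all_packages"] or d["enumerates_installed_apps"]:
        findings.append("Queries a list of all the installed applications on the device")
    if m["foreground_service_permission"] and (m["services"] or d["foreground_service"]):
        findings.append("Makes use of the framework's foreground persistence service")
    if known_c2 in d["c2_candidates"]:
        findings.append("Embeds known SpyNote C2 " + known_c2)
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_MANIFEST, SAMPLE_DEX_STRINGS):
        print("*", line)
```

The API-name mapping is the common implementation of each behaviour, not something confirmed against this sample's code; treat a hit on `setComponentEnabledSetting` as a lead to verify in the smali, since legitimate apps also use it. The C2 regex only catches a literal `ip:port` string, so a sample that builds or decrypts the address at runtime will not be caught by the string check and needs dynamic analysis.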

MITRE ATT&CK Mobile v15

Tasks