spynote | eecca4f5c484ca98d70e18d7f2ecdfd80be4eff111cc4aadb5c4e37804a1f7c2 | Triage

Sharing

General

Target

eecca4f5c484ca98d70e18d7f2ecdfd80be4eff111cc4aadb5c4e37804a1f7c2.bin
Size

784KB
Sample

241205-1y8qvstqaw
MD5

5bb375ceb1d31fe555265c22ec8732f6
SHA1

9ee7041e69f4b0a27bbd471d878c7c20511c53ce
SHA256

eecca4f5c484ca98d70e18d7f2ecdfd80be4eff111cc4aadb5c4e37804a1f7c2
SHA512

ae0be7cd86562486506fb72093c912c478479381e70529c3c32d91e8527f2c6425db70c1f73e01a0844b5a93b6e9935d6e4af3079c971a5e6880519118b0183e
SSDEEP

12288:0mJPhU7Da1a8LzeblKRKuje5WmpYshXZPbGwidNpgw:0EPhUPa1amebl2Kuje5WmD9idNpb

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

york-las.gl.at.ply.gg:42607

Targets

- Target
  
  eecca4f5c484ca98d70e18d7f2ecdfd80be4eff111cc4aadb5c4e37804a1f7c2.bin
- Size
  
  784KB
- MD5
  
  5bb375ceb1d31fe555265c22ec8732f6
- SHA1
  
  9ee7041e69f4b0a27bbd471d878c7c20511c53ce
- SHA256
  
  eecca4f5c484ca98d70e18d7f2ecdfd80be4eff111cc4aadb5c4e37804a1f7c2
- SHA512
  
  ae0be7cd86562486506fb72093c912c478479381e70529c3c32d91e8527f2c6425db70c1f73e01a0844b5a93b6e9935d6e4af3079c971a5e6880519118b0183e
- SSDEEP
  
  12288:0mJPhU7Da1a8LzeblKRKuje5WmpYshXZPbGwidNpgw:0EPhUPa1amebl2Kuje5WmD9idNpb
Score

7^/10

banker discovery evasion persistence impact privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation