spynote | 9bf275dd26986e4cc48e7fa89653b459fe5694a0b4ad9f2db3fd93bb9f844468 | Triage

Sharing

General

Target

9bf275dd26986e4cc48e7fa89653b459fe5694a0b4ad9f2db3fd93bb9f844468.bin
Size

784KB
Sample

241205-1y9m6atqax
MD5

a474b9ab4b75c84cd8c0fa338c6cee13
SHA1

f9e64eaa92f6e589f2226a3451f9d02b3ddcbe87
SHA256

9bf275dd26986e4cc48e7fa89653b459fe5694a0b4ad9f2db3fd93bb9f844468
SHA512

98df3f47ebfc3b3a560e2eb4c6973c7b9ed07fcd2e4c8c8b4634b148ca1303bc235e81df37f6481ca123525407dc0295f48bb1d06c9ba84d0c0df7c14e036775
SSDEEP

12288:WNxMa1a8LzeFNUHIqNY5WmpYshXZPbGwidNpgR:Wca1ameFNWIqNY5WmD9idNpm

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

york-las.gl.at.ply.gg:42607

Targets

- Target
  
  9bf275dd26986e4cc48e7fa89653b459fe5694a0b4ad9f2db3fd93bb9f844468.bin
- Size
  
  784KB
- MD5
  
  a474b9ab4b75c84cd8c0fa338c6cee13
- SHA1
  
  f9e64eaa92f6e589f2226a3451f9d02b3ddcbe87
- SHA256
  
  9bf275dd26986e4cc48e7fa89653b459fe5694a0b4ad9f2db3fd93bb9f844468
- SHA512
  
  98df3f47ebfc3b3a560e2eb4c6973c7b9ed07fcd2e4c8c8b4634b148ca1303bc235e81df37f6481ca123525407dc0295f48bb1d06c9ba84d0c0df7c14e036775
- SSDEEP
  
  12288:WNxMa1a8LzeFNUHIqNY5WmpYshXZPbGwidNpgR:Wca1ameFNWIqNY5WmD9idNpm
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscovery

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation