spynote | 0b6a97edda640cb0c717e95da8c7b813db85569f64a9872b26344383480ad3b9 | Triage

Sharing

General

Target

ready.apk
Size

9.3MB
Sample

241206-ybnq3atlcx
MD5

321003cd71700aafc8d492a6670f97fa
SHA1

aad32176fff2a0580348036cf42aa9e3534f72f0
SHA256

0b6a97edda640cb0c717e95da8c7b813db85569f64a9872b26344383480ad3b9
SHA512

8727e0e1f8cfe9ca0ee5de80279ffe6c45a53d1718037354907a700f745e1b548accb0637b4bf37606aa6a448c0a51fe4688c3da44ba0295945e510b566ae86b
SSDEEP

98304:uVO3CF7VbU2omwcSoLiaJDthdrathqm9yN2mzPzBFTP0twxUsy:uVMCrbsmxnLNthJ4fUBzTAj

Score

10^/10

spynote android collection credential_access evasion persistence

Malware Config

Targets

- Target
  
  ready.apk
- Size
  
  9.3MB
- MD5
  
  321003cd71700aafc8d492a6670f97fa
- SHA1
  
  aad32176fff2a0580348036cf42aa9e3534f72f0
- SHA256
  
  0b6a97edda640cb0c717e95da8c7b813db85569f64a9872b26344383480ad3b9
- SHA512
  
  8727e0e1f8cfe9ca0ee5de80279ffe6c45a53d1718037354907a700f745e1b548accb0637b4bf37606aa6a448c0a51fe4688c3da44ba0295945e510b566ae86b
- SSDEEP
  
  98304:uVO3CF7VbU2omwcSoLiaJDthdrathqm9yN2mzPzBFTP0twxUsy:uVMCrbsmxnLNthJ4fUBzTAj
Score

7^/10

collection credential_access evasion persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessevasionpersistence