spynote | 24ecddd58b2f4c310daa76b8ede57c5f94e168471a371790c1daef74ac0bde0b | Triage

Sharing

General

Target

24ecddd58b2f4c310daa76b8ede57c5f94e168471a371790c1daef74ac0bde0b.bin
Size

760KB
Sample

241207-1yxctswmfy
MD5

6dc573589acf8ac8092092202f58d4ed
SHA1

750b6635c21b4769e710c30c1c10558bd637838d
SHA256

24ecddd58b2f4c310daa76b8ede57c5f94e168471a371790c1daef74ac0bde0b
SHA512

d0a85cc77622db4f3659add2d45c4d1323ded8aa5f3cdfab41d471f590da0dbd1465e78e44cbebbfe062eaed57eb564ed382c96636b1232c8a29ef3ce9225768
SSDEEP

12288:26oJ6sgR8Lz5dxgv5Uq5WmpYshXZPbGwidNpgPU:6J6s1Lz5cv5Uq5WmD9idNp+U

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

127.0.0.1:2525:20342

Targets

- Target
  
  24ecddd58b2f4c310daa76b8ede57c5f94e168471a371790c1daef74ac0bde0b.bin
- Size
  
  760KB
- MD5
  
  6dc573589acf8ac8092092202f58d4ed
- SHA1
  
  750b6635c21b4769e710c30c1c10558bd637838d
- SHA256
  
  24ecddd58b2f4c310daa76b8ede57c5f94e168471a371790c1daef74ac0bde0b
- SHA512
  
  d0a85cc77622db4f3659add2d45c4d1323ded8aa5f3cdfab41d471f590da0dbd1465e78e44cbebbfe062eaed57eb564ed382c96636b1232c8a29ef3ce9225768
- SSDEEP
  
  12288:26oJ6sgR8Lz5dxgv5Uq5WmpYshXZPbGwidNpgPU:6J6s1Lz5cv5Uq5WmD9idNp+U
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation