spynote | 6dc63508d8efe1f348e38d168a46b4823af187e1c4aee5975208ade91b25ad94 | Triage

Sharing

General

Target

6dc63508d8efe1f348e38d168a46b4823af187e1c4aee5975208ade91b25ad94.bin
Size

760KB
Sample

241208-1zejeavmey
MD5

3b7b629d3859f20465dda2b6853488d9
SHA1

edffdcfd44d611cac367161ab1e41d0dace13ee0
SHA256

6dc63508d8efe1f348e38d168a46b4823af187e1c4aee5975208ade91b25ad94
SHA512

f42000c42340ead6002c6a19a40beaff17fb062b73f315e1e4ba3ea8c7be0a3b1f020b86c7c0734cb12a0c2aaa3c6fa5ee1d134f6674e657bb00eba845a12c92
SSDEEP

12288:0WbzPa1a8LzeqnEH4bhd5WmpYshXZPbGwidNpgN:0WPa1ameqK4bhd5WmD9idNp6

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

24.ip.gl.ply.gg:22375

Targets

- Target
  
  6dc63508d8efe1f348e38d168a46b4823af187e1c4aee5975208ade91b25ad94.bin
- Size
  
  760KB
- MD5
  
  3b7b629d3859f20465dda2b6853488d9
- SHA1
  
  edffdcfd44d611cac367161ab1e41d0dace13ee0
- SHA256
  
  6dc63508d8efe1f348e38d168a46b4823af187e1c4aee5975208ade91b25ad94
- SHA512
  
  f42000c42340ead6002c6a19a40beaff17fb062b73f315e1e4ba3ea8c7be0a3b1f020b86c7c0734cb12a0c2aaa3c6fa5ee1d134f6674e657bb00eba845a12c92
- SSDEEP
  
  12288:0WbzPa1a8LzeqnEH4bhd5WmpYshXZPbGwidNpgN:0WPa1ameqK4bhd5WmD9idNp6
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscovery

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation