spynote | 15cd9df9a12abb2e43f24ea1aaccef25a4ee800f5360dee59885463df816600c | Triage

Sharing

General

Target

15cd9df9a12abb2e43f24ea1aaccef25a4ee800f5360dee59885463df816600c.bin
Size

3.6MB
Sample

241210-1xg7hswmgk
MD5

9a2a04f5876d99b6bd203e7f7bf1208f
SHA1

8ca7b1156a5acb5b4952ab8e7c772d878c4926c9
SHA256

15cd9df9a12abb2e43f24ea1aaccef25a4ee800f5360dee59885463df816600c
SHA512

a60b97014638ab9bacf094693a74993447854d2e9ae57a2eeefec43b199e20e1e7e901b171127b0f1abb37359b31e221704629235e1129687d9ef1b72131a64b
SSDEEP

98304:bCLek9Z2oFAPC1emv+TZVzB+v7EelpocvkKb:mek9nePDmvoZRov7EeliukQ

Score

10^/10

spynote android banker discovery evasion persistence

Malware Config

Extracted

Family

spynote

C2

147.185.221.22:42054

Targets

- Target
  
  15cd9df9a12abb2e43f24ea1aaccef25a4ee800f5360dee59885463df816600c.bin
- Size
  
  3.6MB
- MD5
  
  9a2a04f5876d99b6bd203e7f7bf1208f
- SHA1
  
  8ca7b1156a5acb5b4952ab8e7c772d878c4926c9
- SHA256
  
  15cd9df9a12abb2e43f24ea1aaccef25a4ee800f5360dee59885463df816600c
- SHA512
  
  a60b97014638ab9bacf094693a74993447854d2e9ae57a2eeefec43b199e20e1e7e901b171127b0f1abb37359b31e221704629235e1129687d9ef1b72131a64b
- SSDEEP
  
  98304:bCLek9Z2oFAPC1emv+TZVzB+v7EelpocvkKb:mek9nePDmvoZRov7EeliukQ
Score

7^/10

banker discovery evasion persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdiscoveryevasionpersistence

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionpersistence