spynote | c684dd975ab9900f3ac0e7a5f0a0853f28a700513fa96f69d42a3276a47f061b

General

Target

c684dd975ab9900f3ac0e7a5f0a0853f28a700513fa96f69d42a3276a47f061b.apk
Size

6.6MB
Sample

241211-dzta8strgz
MD5

1d3bf0fb430b02719e7dd9d593c7c9fa
SHA1

68e0ea024fafb0c1c08557c7f6cfd84e418c5533
SHA256

c684dd975ab9900f3ac0e7a5f0a0853f28a700513fa96f69d42a3276a47f061b
SHA512

828831d1511204122f4f73545595e5f325c52a94d6dc0d0ca31aa5cd091a3842bfce817a7ae0a2f8a97d376872094a784d5108c35eefa6dbdc835a519a3f7a17
SSDEEP

196608:sOk8v7XjvfAS9XzgHLE10b0mgMkmupz/oSmw:sOjjjvfAqXWLEiIkOgSt

Score

10^/10

Malware Config

Extracted

Family

spynote

C2

200.9.154.61:7554

Targets

- Target
  
  c684dd975ab9900f3ac0e7a5f0a0853f28a700513fa96f69d42a3276a47f061b.apk
- Size
  
  6.6MB
- MD5
  
  1d3bf0fb430b02719e7dd9d593c7c9fa
- SHA1
  
  68e0ea024fafb0c1c08557c7f6cfd84e418c5533
- SHA256
  
  c684dd975ab9900f3ac0e7a5f0a0853f28a700513fa96f69d42a3276a47f061b
- SHA512
  
  828831d1511204122f4f73545595e5f325c52a94d6dc0d0ca31aa5cd091a3842bfce817a7ae0a2f8a97d376872094a784d5108c35eefa6dbdc835a519a3f7a17
- SSDEEP
  
  196608:sOk8v7XjvfAS9XzgHLE10b0mgMkmupz/oSmw:sOjjjvfAqXWLEiIkOgSt
Score

1^/10
behavioral1 behavioral2 behavioral3
- Target
  
  childapp.apk
- Size
  
  3.9MB
- MD5
  
  4fc7f8f6b649f1aa03655d44f4675d10
- SHA1
  
  630689e1599bb4bd2807d35b5a529df96df2e7dc
- SHA256
  
  212194705ddd7c56b71d044cd0a3577af87e61c2aaa0421822088583dc949598
- SHA512
  
  3d6bfd78bad270a5297c8f4b3dd9120e1b898c7733e0eb998db23cb968d3866314a52fcadb5ae891695fde44574f1c8f14431271517835b94464b007b15e2341
- SSDEEP
  
  98304:XxE10b0mg463yklQuumzZzBHTX0tZRSmV00zV:BE10b0mgMkmupz/oSm1
Score

7^/10

banker collection credential_access discovery evasion execution persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Queries information about active data network
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral4 behavioral5 behavioral6