Overview

overview

10

Static

static

10

c684dd975a...1b.apk

android-9-x86

1

c684dd975a...1b.apk

android-10-x64

1

c684dd975a...1b.apk

android-11-x64

1

childapp.apk

android-9-x86

7

childapp.apk

android-10-x64

7

childapp.apk

android-11-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1d3bf0fb430b02719e7dd9d593c7c9fa.bin

  • Size

    5.2MB

  • Sample

    241212-bgkv2azjcl

  • MD5

    b86a9b22fff564bcbad7b0743be14c0a

  • SHA1

    245534ad1472f269a3029a3ee10578c8345606ff

  • SHA256

    f99241c9ec325f1ba033e509ed408a61f3eb44a8cbf477beba67011657a82ac6

  • SHA512

    a58bc5b4a7a6285c4daab059a7f84438fcc810a35d5e7b863fcd0ee29f7b65ea00c801d92c3e15ca23ae685f17dd812bf7620b4428d933cbe9bf07e9c4c0a4f0

  • SSDEEP

    98304:yy5ZCdLIm4HlkSirgLwsJZmr0m/yM+G7wG8XBE+OWysnU8um6QUutQo:3S+6SiMdmr0m/yMfMG8XBEvWyqU8oQUc

Score
10/10
spynoteandroidbankercollectioncredential_accessdiscoveryevasionexecutionpersistence

Malware Config

Extracted

Family

spynote

C2

200.9.154.61:7554

Targets

    • Target

      c684dd975ab9900f3ac0e7a5f0a0853f28a700513fa96f69d42a3276a47f061b.apk

    • Size

      6.6MB

    • MD5

      1d3bf0fb430b02719e7dd9d593c7c9fa

    • SHA1

      68e0ea024fafb0c1c08557c7f6cfd84e418c5533

    • SHA256

      c684dd975ab9900f3ac0e7a5f0a0853f28a700513fa96f69d42a3276a47f061b

    • SHA512

      828831d1511204122f4f73545595e5f325c52a94d6dc0d0ca31aa5cd091a3842bfce817a7ae0a2f8a97d376872094a784d5108c35eefa6dbdc835a519a3f7a17

    • SSDEEP

      196608:sOk8v7XjvfAS9XzgHLE10b0mgMkmupz/oSmw:sOjjjvfAqXWLEiIkOgSt

    Score
    1/10
    behavioral1behavioral2behavioral3

    • Target

      childapp.apk

    • Size

      3.9MB

    • MD5

      4fc7f8f6b649f1aa03655d44f4675d10

    • SHA1

      630689e1599bb4bd2807d35b5a529df96df2e7dc

    • SHA256

      212194705ddd7c56b71d044cd0a3577af87e61c2aaa0421822088583dc949598

    • SHA512

      3d6bfd78bad270a5297c8f4b3dd9120e1b898c7733e0eb998db23cb968d3866314a52fcadb5ae891695fde44574f1c8f14431271517835b94464b007b15e2341

    • SSDEEP

      98304:XxE10b0mg463yklQuumzZzBHTX0tZRSmV00zV:BE10b0mgMkmupz/oSm1

    Score
    7/10
    bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Acquires the wake lock

    • Queries information about active data network

      discovery

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion
    behavioral4behavioral5behavioral6

MITRE ATT&CK Mobile v15

Tasks