spynote | f043b68f41b30f60904a8ad9ef11050ef11a6f00393485b6f2bd332a2654aa1f | Triage

Sharing

General

Target

f043b68f41b30f60904a8ad9ef11050ef11a6f00393485b6f2bd332a2654aa1f.bin
Size

793KB
Sample

241214-1yr34sxmcp
MD5

065cbc8cd1cea42511dc6e5d362d9fc1
SHA1

5c2dd7e7a919b92893bd772e0916f625bc98bad9
SHA256

f043b68f41b30f60904a8ad9ef11050ef11a6f00393485b6f2bd332a2654aa1f
SHA512

fd5b9d2e59f1b96959eb65b1dbd84f843214e5f431b286129af80f961a0627e2e2b364ce514951af28f71b14c5b035db42578825b26b50b7cc42b69478395631
SSDEEP

12288:3XsXJ6sgR8Lz1+McENbfVh45WmpYshXZPbGwidNpgES:3cXJ6s1Lzo9EZfVm5WmD9idNpI

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

edition-azerbaijan.gl.at.ply.gg:43346

Targets

- Target
  
  f043b68f41b30f60904a8ad9ef11050ef11a6f00393485b6f2bd332a2654aa1f.bin
- Size
  
  793KB
- MD5
  
  065cbc8cd1cea42511dc6e5d362d9fc1
- SHA1
  
  5c2dd7e7a919b92893bd772e0916f625bc98bad9
- SHA256
  
  f043b68f41b30f60904a8ad9ef11050ef11a6f00393485b6f2bd332a2654aa1f
- SHA512
  
  fd5b9d2e59f1b96959eb65b1dbd84f843214e5f431b286129af80f961a0627e2e2b364ce514951af28f71b14c5b035db42578825b26b50b7cc42b69478395631
- SSDEEP
  
  12288:3XsXJ6sgR8Lz1+McENbfVh45WmpYshXZPbGwidNpgES:3cXJ6s1Lzo9EZfVm5WmD9idNpI
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscovery

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation