spynote | a8ef185541bbb0523e5408cdc27c8185945a753d6f29b70827c26239a3ed9159 | Triage

Sharing

General

Target

Grab n Go v2.apk (1).apk
Size

18.7MB
Sample

241216-ke9wtasmgx
MD5

de99a5fb0677f53649bd0826ce609f91
SHA1

4e1f874c2193d675265dc1789b3cb5cc7ea230e9
SHA256

a8ef185541bbb0523e5408cdc27c8185945a753d6f29b70827c26239a3ed9159
SHA512

77d93cbadade8f398f53699d75257478d83fe94bd252bdfacf225b51ddac166b068d8d888f310b61556c42ea13fe130dd0502e9deeb9015d94a06ce0bd8d9b8b
SSDEEP

12288:Q+cZYSfpLpf3OtG93iEyf1TNJNwopthcuCkF3izP1rgU7EnbTQDsdtviqd+WtlL0:4fmt23iZ1TNJ/fhcuR3+d0UATXgiwWC

Score

10^/10

spynote android collection credential_access evasion execution persistence stealth trojan

Malware Config

Extracted

Family

spynote

C2

156.240.111.65:1151

Targets

- Target
  
  Grab n Go v2.apk (1).apk
- Size
  
  18.7MB
- MD5
  
  de99a5fb0677f53649bd0826ce609f91
- SHA1
  
  4e1f874c2193d675265dc1789b3cb5cc7ea230e9
- SHA256
  
  a8ef185541bbb0523e5408cdc27c8185945a753d6f29b70827c26239a3ed9159
- SHA512
  
  77d93cbadade8f398f53699d75257478d83fe94bd252bdfacf225b51ddac166b068d8d888f310b61556c42ea13fe130dd0502e9deeb9015d94a06ce0bd8d9b8b
- SSDEEP
  
  12288:Q+cZYSfpLpf3OtG93iEyf1TNJNwopthcuCkF3izP1rgU7EnbTQDsdtviqd+WtlL0:4fmt23iZ1TNJ/fhcuR3+d0UATXgiwWC
Score

8^/10

collection credential_access evasion execution persistence stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Hide Artifacts

Suppress Application Icon

User Evasion

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessevasionexecutionpersistencestealthtrojan

behavioral2

collectioncredential_accessevasionexecutionpersistencestealthtrojan

behavioral3

collectioncredential_accessevasionexecutionpersistencestealthtrojan