spynote | ba8b22fbc74a31aeea945dd6db71a069ea78026ea4dbf9639cd1d292c7e0cef4 | Triage

Sharing

General

Target

ba8b22fbc74a31aeea945dd6db71a069ea78026ea4dbf9639cd1d292c7e0cef4.bin
Size

760KB
Sample

241217-122fyszlhw
MD5

e0a438105214931e5eaa867540ab2d14
SHA1

e9a2f8a174cfc6b041569e652605633b9ac817ce
SHA256

ba8b22fbc74a31aeea945dd6db71a069ea78026ea4dbf9639cd1d292c7e0cef4
SHA512

b71b308e1186dffffe232a8c0529448bbc4265948ecf2a972f98bb763a71fdbad7377cdfd0274406ce512f870f5168cd7fa844e3bec868bdfb538e3ed08e9191
SSDEEP

12288:ZWOwoBZRvSMqrz/XXv7aoq5WmpYshXZPbGwidNpgYd:ZzBZRrqrLXzaoq5WmD9idNpjd

Score

10^/10

spynote android banker discovery evasion persistence

Malware Config

Extracted

Family

spynote

C2

server-adding.gl.at.ply.gg:1755

Targets

- Target
  
  ba8b22fbc74a31aeea945dd6db71a069ea78026ea4dbf9639cd1d292c7e0cef4.bin
- Size
  
  760KB
- MD5
  
  e0a438105214931e5eaa867540ab2d14
- SHA1
  
  e9a2f8a174cfc6b041569e652605633b9ac817ce
- SHA256
  
  ba8b22fbc74a31aeea945dd6db71a069ea78026ea4dbf9639cd1d292c7e0cef4
- SHA512
  
  b71b308e1186dffffe232a8c0529448bbc4265948ecf2a972f98bb763a71fdbad7377cdfd0274406ce512f870f5168cd7fa844e3bec868bdfb538e3ed08e9191
- SSDEEP
  
  12288:ZWOwoBZRvSMqrz/XXv7aoq5WmpYshXZPbGwidNpgYd:ZzBZRrqrLXzaoq5WmD9idNpjd
Score

7^/10

banker discovery evasion persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdiscoveryevasionpersistence

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionpersistence