Overview

overview

10

Static

static

6

104c979451...2e.apk

android-9-x86

10

104c979451...2e.apk

android-10-x64

10

104c979451...2e.apk

android-11-x64

10

Analysis

  • max time kernel
    29s
  • max time network
    36s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    17-12-2024 00:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    104c979451404484a8f33e232210490c42330873f023d39abbe05b8af7e7be2e.apk

  • Size

    6.6MB

  • MD5

    30500ebb730127706c8d013db441b5f4

  • SHA1

    63ca81ea7d3ef0777f5a05d352553fd6418e4d50

  • SHA256

    104c979451404484a8f33e232210490c42330873f023d39abbe05b8af7e7be2e

  • SHA512

    82048105c36d7f2e064f2fcfe71bdb67275d3973da615e088d1821d7c9ff5029dfce6379ee9ff1b9d7c1c33d5c97fc5c839c8c5527d34a09ffd39833ad367323

  • SSDEEP

    98304:1bhkTuP50I6wtdWsh3iknKRTnt9Pkuo17qc3GMFWCE3UcNbyt0tIzB0mzCTuf2h:1d1SwHd3iSkjr6xqc3a4zayC

Score
10/10
spynotebankercollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

spynote

C2

178.255.218.216:7001

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

    bankertrojaninfostealerratspynote
  • Spynote family
    spynote
  • Spynote payload 1 IoCs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • cultures.fundamental.reasonable
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4485

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/cultures.fundamental.reasonable/app_muffin/sCwaUp.json
    Filesize

    3.1MB

    MD5

    0d94f106aee7a789401baa4e5d788e33

    SHA1

    10e3f7f64acb025a70848e5290f22947578983c1

    SHA256

    0806180563f43c62d943f9a5299d5d8fe44a7a967370ee10d19e5f6fd47b290b

    SHA512

    1683b059edf6de68fd0bc919226a4dfef5adb56d1d2df2a78512522eb6ef359be18399686861e1fd97f22b8d6c5095f6cddd66daad3f6bddd8f1165d4fda2c0b

    Download Submit

  • /data/user/0/cultures.fundamental.reasonable/app_muffin/sCwaUp.json
    Filesize

    3.1MB

    MD5

    12b0d1dec6616d7b8b012560cce91159

    SHA1

    4965981f841fa6e9f19bb172decf7c566a3a8638

    SHA256

    6e32765c07debbc6df70fcc5a6dcad07d55b84a4840ad8479431872bf98fb514

    SHA512

    a9c96f9ae21d6d53794718bf4aa39670f40fc72c4fae440f4f2836d03ab239dbbbeb12621d5524d5a18c34b20a2c07d9eaa8a00af5d59f5c238f6737b38bab5f

    Download Submit

  • /data/user/0/cultures.fundamental.reasonable/app_muffin/sCwaUp.json
    Filesize

    6.4MB

    MD5

    a965ad2a164ed2ffc15ac73ed2ba1815

    SHA1

    4b07f503d8c4ac16a185d09f066d362163b861e5

    SHA256

    500d02947bfbab6becb4f600aadf7db019fc11ad4828235fb36e95366eafdbdf

    SHA512

    9ca00e62c8852dc8c41962d02674bb61205f36be4b5058a1032d1da7857051836f460750b6003d9d0b51ba42986b09e2880db816c98180d4846867b44afad2ed

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-17.txt
    Filesize

    21B

    MD5

    49a46df8628462b2e85c59b785d3ffd9

    SHA1

    e6ad5cab38022c488903fb1475b4fed021070f46

    SHA256

    189e442c77f2e0be8fd8d21c5cbdf79fb3f430e82acb783fa913e6af2dc0f319

    SHA512

    1fdc0457f4f949a8227cc49a7141b170d5db7539b256ca2e7714b0e0fb1c4139e2c8622110372bd539f492a2da1829a0fb0a508cd86bdda6b1df1d91c9ad1b77

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-17.txt
    Filesize

    29B

    MD5

    5681d4f2b0cf8f7d7217799eaa72fd4b

    SHA1

    d48d0d74a993a8447b8b8a737c37d3d7ad1f7cd3

    SHA256

    f2122e0fd2154b84f7cdd436652e9bc22724c1620b5bab477a6b3b6f8d79272f

    SHA512

    aa231f4dd38aef478511b425f89c67b4710c9063ad9b21fd4a8b07085942ea51ca0c5b09a11b07dcef5f9d3e1e709ce58b62dcaa4e55467bb05df43c8d982469

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-17.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-12-17.txt
    Filesize

    276B

    MD5

    905aebe7a74ee2feb627f48df2f24b45

    SHA1

    89cc78d590f1c6ada9d2f2e97a3050f8cab04f2f

    SHA256

    e5c2433b8c89982878cc0462f2741f1dc63f20b7ee7d72cda72d0eefb51ae9f8

    SHA512

    6aa46b82e16c01e6a6c4539ae94c9e4696534b385de402e21b2b244a8ea2ccfb0d74386aafd799168e96d8905afaa5648b936f00d887fc25c9fe13dc42a4d985

    Download Submit