spynote | c71ef3dd95d32d8c35e601b9c702a6e0e16de452f6d0ce8d2014cb89c537e125 | Triage

Resubmissions

17-12-2024 10:46

241217-mt1b2axmb1 10

17-12-2024 10:42

241217-mrst6syjgp 10

Sharing

General

Target

c71ef3dd95d32d8c35e601b9c702a6e0e16de452f6d0ce8d2014cb89c537e125
Size

7.1MB
Sample

241217-mt1b2axmb1
MD5

95b2d08b9866b19f29db0c0ca0364768
SHA1

8dd3a98c5341f01152b5c4bb6c433aeabe005e95
SHA256

c71ef3dd95d32d8c35e601b9c702a6e0e16de452f6d0ce8d2014cb89c537e125
SHA512

0ffa2ab56c0b048fa31aa738672efa040745ca8509b25a6d5046669a1453dfbe15d038a972fc807641782eb1dc085a523b3c0e9bc4e82af3d2bc867a23f05b7c
SSDEEP

196608:xmOdRXWK31DLtoEPQwVi3CeutJhcHADg7aWt8Zik:RdL31DLtoKVuQbhcHFx8

Score

10^/10

spynote android collection credential_access evasion execution persistence

Malware Config

Targets

- Target
  
  c71ef3dd95d32d8c35e601b9c702a6e0e16de452f6d0ce8d2014cb89c537e125
- Size
  
  7.1MB
- MD5
  
  95b2d08b9866b19f29db0c0ca0364768
- SHA1
  
  8dd3a98c5341f01152b5c4bb6c433aeabe005e95
- SHA256
  
  c71ef3dd95d32d8c35e601b9c702a6e0e16de452f6d0ce8d2014cb89c537e125
- SHA512
  
  0ffa2ab56c0b048fa31aa738672efa040745ca8509b25a6d5046669a1453dfbe15d038a972fc807641782eb1dc085a523b3c0e9bc4e82af3d2bc867a23f05b7c
- SSDEEP
  
  196608:xmOdRXWK31DLtoEPQwVi3CeutJhcHADg7aWt8Zik:RdL31DLtoKVuQbhcHFx8
Score

1^/10
behavioral1
- Target
  
  childapp.apk
- Size
  
  4.4MB
- MD5
  
  eb948696d66487ac2bef0fa563dc92c0
- SHA1
  
  38177babf108280ceca770755aec1ad6d20721c8
- SHA256
  
  ddf47d6e6c046957d7b244a58d6e10c4ff6bfb526c994aae27b02994d21e6d29
- SHA512
  
  284fd723b9e92909ed838e7e3ad07d9e26031dd0e72cd0450df8de4d9f02ee35930e851fb35c1d747f596cec5533a26c9f03dd1208cfcd42a6705f6ae301dfc6
- SSDEEP
  
  49152:VupgmJc8zdGGaQTO7mz6eYq490cg0yUPJ5rlSDRpI3ycqaDmWnwWUup8bB9Ij5SL:d8zB1TQmz6590tyJz4cEcm+7UpUa908H
Score

7^/10

collection credential_access evasion execution persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Requests enabling of the accessibility settings.
behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

behavioral2

collectioncredential_accessevasionexecutionpersistence