Overview

overview

10

Static

static

10

84cf549292...56.apk

android-9-x86

7

84cf549292...56.apk

android-10-x64

7

84cf549292...56.apk

android-11-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    84cf54929212678e534ee118d238c4d7de1929a3cde295b29e35d7902e037556.bin

  • Size

    860KB

  • Sample

    241218-1zvkmavkbl

  • MD5

    b6ed027acfc64896535f3b04e120cef3

  • SHA1

    981244264f8e335d0e78f7fc3a05068716c89c71

  • SHA256

    84cf54929212678e534ee118d238c4d7de1929a3cde295b29e35d7902e037556

  • SHA512

    565a9a2fcc7afc51a45f1f2aaabc6fb8a6e9d243d75477659ef7687485146e00b62ccde11c333d3bdc296bcc8a223bc244a96dc6c69353aeaa200d2448c02168

  • SSDEEP

    12288:JOXjITfa1a8LreNvFNz7gvEj5WmpYshXZPbGwidNpgL:EXjwfa1a2eNvFx7gvEj5WmD9idNpU

Score
10/10
spynoteandroidbankerdiscoveryevasionpersistence

Malware Config

Extracted

Family

spynote

C2

175.107.16.234:5555

Targets

    • Target

      84cf54929212678e534ee118d238c4d7de1929a3cde295b29e35d7902e037556.bin

    • Size

      860KB

    • MD5

      b6ed027acfc64896535f3b04e120cef3

    • SHA1

      981244264f8e335d0e78f7fc3a05068716c89c71

    • SHA256

      84cf54929212678e534ee118d238c4d7de1929a3cde295b29e35d7902e037556

    • SHA512

      565a9a2fcc7afc51a45f1f2aaabc6fb8a6e9d243d75477659ef7687485146e00b62ccde11c333d3bdc296bcc8a223bc244a96dc6c69353aeaa200d2448c02168

    • SSDEEP

      12288:JOXjITfa1a8LreNvFNz7gvEj5WmpYshXZPbGwidNpgL:EXjwfa1a2eNvFx7gvEj5WmD9idNpU

    Score
    7/10
    bankerdiscoveryevasionpersistence

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks