General

  • Target

    Serasa Score (1) (4).apk

  • Size

    4.6MB

  • Sample

    241219-wkh6tsxjgs

  • MD5

    f3b066c1e73649cf191c37bac74fd1be

  • SHA1

    01766f9765338a7555fb88a9003cda84b1c4ede1

  • SHA256

    c34498e0deb153d9ead03345a692cb71d14ab654b7d39f26d3f52b327ad033c0

  • SHA512

    8ffbfc426d24d7ad07e0b7d7dfddab8453d4d81ba77bf7a6ec001acc27f0ebf325b3a3b3e1c6bbb3f2aa53a2144628b7368e4c3b28a4a4b390ea0518a331345b

  • SSDEEP

    98304:hXz/GHIMP1AxAF3nwp5sPKPc7VotXQO1tcGH54R/fU732RYOu5RW4T8gffSrLhBl:Zz/8IMPGAFXmsSMqVVk2mSOeWZgnSrLB

Malware Config

Extracted

Family

spynote

C2

0.tcp.sa.ngrok.io:12113

Targets

    • Target

      Serasa Score (1) (4).apk


    • Score

      1/10

    • Target

      childapp.apk

    • Size

      8.5MB

    • MD5

      9c1266320e6a04474aec7c5cd9b62c98

    • SHA1

      ac1903ac27be00f4f5a197493edb9d67ecdda3d2

    • SHA256

      c16ba30befa0a3de2f963cbf2d79afa17b9438aa919932b31c2886d40d648c1a

    • SHA512

      49f6c9cd8c72b91af6ac431f0ebbb7d0bef57b1fd1a1e21f1e262f951ad449a9accd70102186b480807bdae6799f1d4e1566cd515f8ca7bc66d54795ccafe2f6

    • SSDEEP

      98304:BezBVTM0tgmzlZnaBNZC7K6qrXt/S3EksXnD7+:mffz7ajZC8fH3+

    • Removes its main activity from the application launcher

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Legitimate hosting services abused for malware hosting/C2

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
