spynote | 97b57a4161923305dcba04fa8822be10c130083e2c5c24ad49a509f1cf1bd9ac

General

Target

97b57a4161923305dcba04fa8822be10c130083e2c5c24ad49a509f1cf1bd9ac
Size

6.5MB
Sample

241225-rf3mfsvmfj
MD5

1c7669d422b714378a28ed85361d6683
SHA1

b8e51cdd4e78e07d7ea374c60692ff9e2b93c7d4
SHA256

97b57a4161923305dcba04fa8822be10c130083e2c5c24ad49a509f1cf1bd9ac
SHA512

1bce0127e91caae29d387be837f76c0ff370a20f5c83e815ed96def2fdf19ea3946cb2ed7c046c48a79fd69f1a006bcb48378c88c58b829212de4020fb807ad3
SSDEEP

98304:OoNwJKiItDYLJoA0vDhJBZH2o1dJqvmzJzBaTa0teR7Wg:OQaKiIDYLZ0rHT71K+z25s

Score

10^/10

Malware Config

Extracted

Family

spynote

C2

200.9.154.61:7554

Targets

- Target
  
  97b57a4161923305dcba04fa8822be10c130083e2c5c24ad49a509f1cf1bd9ac
- Size
  
  6.5MB
- MD5
  
  1c7669d422b714378a28ed85361d6683
- SHA1
  
  b8e51cdd4e78e07d7ea374c60692ff9e2b93c7d4
- SHA256
  
  97b57a4161923305dcba04fa8822be10c130083e2c5c24ad49a509f1cf1bd9ac
- SHA512
  
  1bce0127e91caae29d387be837f76c0ff370a20f5c83e815ed96def2fdf19ea3946cb2ed7c046c48a79fd69f1a006bcb48378c88c58b829212de4020fb807ad3
- SSDEEP
  
  98304:OoNwJKiItDYLJoA0vDhJBZH2o1dJqvmzJzBaTa0teR7Wg:OQaKiIDYLZ0rHT71K+z25s
Score

4^/10

persistence
behavioral1 behavioral2 behavioral3
- Target
  
  childapp.apk
- Size
  
  3.8MB
- MD5
  
  2e4eb67c47fcd577049a2b51de702998
- SHA1
  
  7d1253695a722679c3adddac860b79d33088d444
- SHA256
  
  47a9af3f2ebcd0cf940e0e4f5a65a8bf20af15786030e0b921709adade6cf2d7
- SHA512
  
  e8402ede8062c25f0693133355c1068386cb5427a8ed9c2ca0852980c8ce86fe24c3e372e642113152e9ff3d64dcd80c3341b00124df563c1f1be6405803721e
- SSDEEP
  
  49152:G6FQ0bL+VAttjJxbf43Bo1dJtp6CUIA1vmzJzdGG1QTOMQUhYqy0cgeRX2ikwWwn:xBZH2o1dJqvmzJzBaTa0teR7Wo
Score

7^/10

banker collection credential_access discovery evasion execution persistence impact phishing
- A potential corporate email address has been identified in the URL: ecc6f5e6b0@apng
  phishing
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral4 behavioral5 behavioral6