Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

ready.apk

android-9-x86

7

ready.apk

android-10-x64

7

ready.apk

android-11-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ready.apk

  • Size

    6.2MB

  • Sample

    241226-2r72estpfr

  • MD5

    24de8a5126b73a9c564599af82f5ac89

  • SHA1

    24b35b63378887351be0dd582de1bf82db9e5c12

  • SHA256

    60bbc95a12a5a23a499d6059280e5f45a0b4fbc9f296471291cf18503984737c

  • SHA512

    af431a8141c87a5ed758b819d0ecfeedb3c01a898d82362d7e2bb481b623ccd7e9a550a79e32d33140164d5455a68015e0e9a9f46333d7e2ac87085ae1985daa

  • SSDEEP

    24576:mjL5wKvqLbcYBM/BQlu6kF4G3tSU0Uia2Ol94Y0cz+v:C6Kvq/cADc3sU0Ui25Y

Score
10/10
spynoteandroidbankercollectioncredential_accessdiscoveryevasionexecutionimpactpersistenceprivilege_escalation

Malware Config

Extracted

Family

spynote

C2

24.ip.gl.ply.gg:46885

Targets

    • Target

      ready.apk

    • Size

      6.2MB

    • MD5

      24de8a5126b73a9c564599af82f5ac89

    • SHA1

      24b35b63378887351be0dd582de1bf82db9e5c12

    • SHA256

      60bbc95a12a5a23a499d6059280e5f45a0b4fbc9f296471291cf18503984737c

    • SHA512

      af431a8141c87a5ed758b819d0ecfeedb3c01a898d82362d7e2bb481b623ccd7e9a550a79e32d33140164d5455a68015e0e9a9f46333d7e2ac87085ae1985daa

    • SSDEEP

      24576:mjL5wKvqLbcYBM/BQlu6kF4G3tSU0Uia2Ol94Y0cz+v:C6Kvq/cADc3sU0Ui25Y

    Score
    7/10
    bankercollectioncredential_accessdiscoveryevasionexecutionimpactpersistenceprivilege_escalation

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Tries to add a device administrator.

      privilege_escalationimpact
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1626

Device Administrator Permissions

1
T1626.001

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Account Access Removal

1
T1640

Input Injection

1
T1516

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.