spynote | 769d6100b199eb13edec184c55dd9f0f954bf59085d17a54889f3c7e284846ff | Triage

Sharing

General

Target

769d6100b199eb13edec184c55dd9f0f954bf59085d17a54889f3c7e284846ff.bin
Size

760KB
Sample

241230-1wpj7stlct
MD5

17e4462f93de06c0fc8ab1e1b155735f
SHA1

63a31c3e6588540ef794940dedf9340514f189f8
SHA256

769d6100b199eb13edec184c55dd9f0f954bf59085d17a54889f3c7e284846ff
SHA512

06c939f8c5ee0d5f16046ba898636716577797de2a6038c91d73e8bd0bf567ae5d7b9312760ad5e365f31ac0f5f89c8a5a4230b52fcec030608dbd2b2c1ce3f8
SSDEEP

12288:ZRyOa1a8Lde09SIMQx4M5WmpYshXZPbGwidNpgre:3a1a6e0lMQx4M5WmD9idNpwe

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

break-lounge.gl.at.ply.gg:47852

Targets

- Target
  
  769d6100b199eb13edec184c55dd9f0f954bf59085d17a54889f3c7e284846ff.bin
- Size
  
  760KB
- MD5
  
  17e4462f93de06c0fc8ab1e1b155735f
- SHA1
  
  63a31c3e6588540ef794940dedf9340514f189f8
- SHA256
  
  769d6100b199eb13edec184c55dd9f0f954bf59085d17a54889f3c7e284846ff
- SHA512
  
  06c939f8c5ee0d5f16046ba898636716577797de2a6038c91d73e8bd0bf567ae5d7b9312760ad5e365f31ac0f5f89c8a5a4230b52fcec030608dbd2b2c1ce3f8
- SSDEEP
  
  12288:ZRyOa1a8Lde09SIMQx4M5WmpYshXZPbGwidNpgre:3a1a6e0lMQx4M5WmD9idNpwe
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation