spynote | bcc04ff46fed1173c126bebef4ec8ec858a836690018a330c8e51ad33a3d9df9 | Triage

Sharing

General

Target

bcc04ff46fed1173c126bebef4ec8ec858a836690018a330c8e51ad33a3d9df9.bin
Size

868KB
Sample

250102-1xqhwszqbp
MD5

fe6908ca61bf579036738def1165cc7d
SHA1

9a339cff74403435f36bffc9938c77459274439e
SHA256

bcc04ff46fed1173c126bebef4ec8ec858a836690018a330c8e51ad33a3d9df9
SHA512

bef8e5611716548bd36b31dd92cb65771e0d93128bf339ea17a79a0ca42b956830afabff60409fcb5c54df3b75bb6a623888db560b8ea397500b9433e8b812e1
SSDEEP

12288:lbaOxwMsqa1a8LVe1bUzOcN/+W8HnDb5WmpYshXZPbGwidNpg1L:tauwMsqa1aKe1gOi+ZHnDb5WmD9idNpi

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

break-lounge.gl.at.ply.gg:47852

Targets

- Target
  
  bcc04ff46fed1173c126bebef4ec8ec858a836690018a330c8e51ad33a3d9df9.bin
- Size
  
  868KB
- MD5
  
  fe6908ca61bf579036738def1165cc7d
- SHA1
  
  9a339cff74403435f36bffc9938c77459274439e
- SHA256
  
  bcc04ff46fed1173c126bebef4ec8ec858a836690018a330c8e51ad33a3d9df9
- SHA512
  
  bef8e5611716548bd36b31dd92cb65771e0d93128bf339ea17a79a0ca42b956830afabff60409fcb5c54df3b75bb6a623888db560b8ea397500b9433e8b812e1
- SSDEEP
  
  12288:lbaOxwMsqa1a8LVe1bUzOcN/+W8HnDb5WmpYshXZPbGwidNpg1L:tauwMsqa1aKe1gOi+ZHnDb5WmD9idNpi
Score

7^/10

banker discovery evasion persistence impact privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation