Overview

overview

10

Static

static

10

6b8f4b42ac...a4.apk

android-9-x86

7

6b8f4b42ac...a4.apk

android-10-x64

7

6b8f4b42ac...a4.apk

android-11-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6b8f4b42aceb97631a67731a7d1344f5d99fd04e5aaaf1b8b4f5e5d2f8a9e7a4.bin

  • Size

    760KB

  • Sample

    250103-1yrgkswjdv

  • MD5

    e16839296398760f818b0ebacb21a6d4

  • SHA1

    b460a66553711e605839a580c52bba87a707ddff

  • SHA256

    6b8f4b42aceb97631a67731a7d1344f5d99fd04e5aaaf1b8b4f5e5d2f8a9e7a4

  • SHA512

    0f6f22e415e50d573d5d412d7237804d53e76098670d923028ee36bc0acc9e1cd171984cf195a5163690372802412f87ad25e4168cfce866a24be5117321e2d8

  • SSDEEP

    12288:Gdkfr1a1a8Lrecty4Uzwqk5WmpYshXZPbGwidNpgA3:Gd0a1a2ec5UMqk5WmD9idNp9

Score
10/10
spynoteandroidbankerdiscoveryevasionimpactpersistenceprivilege_escalation

Malware Config

Extracted

Family

spynote

C2

7.tcp.eu.ngrok.io:19072

Targets

    • Target

      6b8f4b42aceb97631a67731a7d1344f5d99fd04e5aaaf1b8b4f5e5d2f8a9e7a4.bin

    • Size

      760KB

    • MD5

      e16839296398760f818b0ebacb21a6d4

    • SHA1

      b460a66553711e605839a580c52bba87a707ddff

    • SHA256

      6b8f4b42aceb97631a67731a7d1344f5d99fd04e5aaaf1b8b4f5e5d2f8a9e7a4

    • SHA512

      0f6f22e415e50d573d5d412d7237804d53e76098670d923028ee36bc0acc9e1cd171984cf195a5163690372802412f87ad25e4168cfce866a24be5117321e2d8

    • SSDEEP

      12288:Gdkfr1a1a8Lrecty4Uzwqk5WmpYshXZPbGwidNpgA3:Gd0a1a2ec5UMqk5WmD9idNp9

    Score
    7/10
    bankerdiscoveryevasionimpactpersistenceprivilege_escalation

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Legitimate hosting services abused for malware hosting/C2

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

      privilege_escalationimpact
    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks