Overview

overview

10

Static

static

10

Soft crash.apk

android-11-x64

1

childapp.apk

android-11-x64

7

Resubmissions

04-01-2025 15:53

250104-tbqhfaykan 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Soft crash.apk

  • Size

    7.7MB

  • Sample

    250104-tbqhfaykan

  • MD5

    47d9cd4673c708476c04e337d8c105ed

  • SHA1

    24cf23a9ceabdab475b4a98ef0c7c9b7caeecd90

  • SHA256

    4ae4c7573bf24552136eff68ddeb11ba39f5580c35b82fe92e0fc4268e80a559

  • SHA512

    a4538f9587f1ebfa9ce1eeab0848f8c28f4fad0bbc294f9652318aada3071188d96dcb195ecdc6005805234977064175315aa9115a19e7bac9769c46470a0246

  • SSDEEP

    196608:erSXhO1/WKa6ZmG4fg8xvzMaLEmpMPA1bPhKhCWZS7BI:iSXQ1Fa6cG4fg8t9LpyAVbWZS7W

Score
10/10
spynoteandroidbankercollectioncredential_accessdiscoveryevasionexecutionpersistence

Malware Config

Targets

    • Target

      Soft crash.apk

    • Size

      7.7MB

    • MD5

      47d9cd4673c708476c04e337d8c105ed

    • SHA1

      24cf23a9ceabdab475b4a98ef0c7c9b7caeecd90

    • SHA256

      4ae4c7573bf24552136eff68ddeb11ba39f5580c35b82fe92e0fc4268e80a559

    • SHA512

      a4538f9587f1ebfa9ce1eeab0848f8c28f4fad0bbc294f9652318aada3071188d96dcb195ecdc6005805234977064175315aa9115a19e7bac9769c46470a0246

    • SSDEEP

      196608:erSXhO1/WKa6ZmG4fg8xvzMaLEmpMPA1bPhKhCWZS7BI:iSXQ1Fa6cG4fg8t9LpyAVbWZS7W

    Score
    1/10
    behavioral1

    • Target

      childapp.apk

    • Size

      5.9MB

    • MD5

      23ee63803ae78a81c2ff6cdc46ec7639

    • SHA1

      0d4bbaa80b499093b037802a5adb704ee53b2a65

    • SHA256

      1e944d83a33e4840183831598e76418af98e26e639a864fa7ae01348c1d2c2f6

    • SHA512

      e49f9caf396fae644290eeb9bd28a01f5cf72f1e66e950e5cb3d21a2d39be2cf8975f1cc031efc1710b612fa2ef2ec5a664f0598569a9b6e188be2875e80440a

    • SSDEEP

      98304:z3rSIUnDhO1COSti62Cpma6Zad20k49klWgGnxQmzMaLEmPJ6zBOQH0mKYMLHMdj:rrSXhO1/WKa6ZmG4fg8xvzMaLEmpMPt

    Score
    7/10
    bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Requests enabling of the accessibility settings.

    behavioral2

MITRE ATT&CK Mobile v15

Tasks