spynote | 3951bb59f27a1c895ba574335d61d6d6fd732bd4017033559aee9438daf7a41f | Triage

Sharing

General

Target

3951bb59f27a1c895ba574335d61d6d6fd732bd4017033559aee9438daf7a41f.bin
Size

839KB
Sample

250111-11tdystqhp
MD5

600b8149bd343834b4978b4b6690190d
SHA1

9026afe145c675ee742f1aa3e21c5ad208d887e7
SHA256

3951bb59f27a1c895ba574335d61d6d6fd732bd4017033559aee9438daf7a41f
SHA512

4453bc5bd226d0560330a9b663263176682b30b0be7eebf7427ef834be43e329a865c7265bdd966798afa8681df8e72de65bad130c2b8b762c726202fadfcb22
SSDEEP

12288:DhVG0NNa1a8Lre1PnDuH0SegOhF2Z5WmpYshXZPbGwidNpg74:NE2Na1a2eZDo0kOhgZ5WmD9idNpn

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

0.tcp.ngrok.io:14051

Targets

- Target
  
  3951bb59f27a1c895ba574335d61d6d6fd732bd4017033559aee9438daf7a41f.bin
- Size
  
  839KB
- MD5
  
  600b8149bd343834b4978b4b6690190d
- SHA1
  
  9026afe145c675ee742f1aa3e21c5ad208d887e7
- SHA256
  
  3951bb59f27a1c895ba574335d61d6d6fd732bd4017033559aee9438daf7a41f
- SHA512
  
  4453bc5bd226d0560330a9b663263176682b30b0be7eebf7427ef834be43e329a865c7265bdd966798afa8681df8e72de65bad130c2b8b762c726202fadfcb22
- SSDEEP
  
  12288:DhVG0NNa1a8Lre1PnDuH0SegOhF2Z5WmpYshXZPbGwidNpg74:NE2Na1a2eZDo0kOhgZ5WmD9idNpn
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation