spynote

General

Target

Social Boost.apk
Size

5.0MB
Sample

250112-xwr4jsxnhr
MD5

cde665b499fe76644308218577d5c5c7
SHA1

3f025e9b8f3ad66439db4b908cdf2a24f7d51435
SHA256

340c93eda71b5041be19b306975e1b7159f0b1d5569d05a8693f3291770fe10b
SHA512

bbf24a39518dd2f07e5facdf33518acae6c498547502bdf715574a79726f373101806c90ffc6b0000319889476101b758bc343ddffd75672f4a93970f4d5cb3a
SSDEEP

98304:d7UpWR2SpdMJqop8pKK7ii5gXcyYXjNNDi0rHXriC44GBvj3:oSpDop8pv2iTyajlXriCyh

Score

10^/10

Malware Config

Targets

- Target
  
  Social Boost.apk
- Size
  
  5.0MB
- MD5
  
  cde665b499fe76644308218577d5c5c7
- SHA1
  
  3f025e9b8f3ad66439db4b908cdf2a24f7d51435
- SHA256
  
  340c93eda71b5041be19b306975e1b7159f0b1d5569d05a8693f3291770fe10b
- SHA512
  
  bbf24a39518dd2f07e5facdf33518acae6c498547502bdf715574a79726f373101806c90ffc6b0000319889476101b758bc343ddffd75672f4a93970f4d5cb3a
- SSDEEP
  
  98304:d7UpWR2SpdMJqop8pKK7ii5gXcyYXjNNDi0rHXriC44GBvj3:oSpDop8pv2iTyajlXriCyh
Score

10^/10

spynote banker collection credential_access discovery evasion execution infostealer persistence rat trojan
- Spynote
  Spynote is a Remote Access Trojan first seen in 2017.
  banker trojan infostealer rat spynote
- Spynote family
  spynote
- Spynote payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
behavioral1