spynote | 043da455c8eb9a5102994975cad4611d7cd2d7087c6a040bbef5f8b684c7836a | Triage

Sharing

General

Target

043da455c8eb9a5102994975cad4611d7cd2d7087c6a040bbef5f8b684c7836a.bin
Size

760KB
Sample

250113-1zkqesynb1
MD5

0dbf59580e90430ebe9702ca3c6e2d7a
SHA1

65020fb5e4af1066714e8cdd9719267062d70ebb
SHA256

043da455c8eb9a5102994975cad4611d7cd2d7087c6a040bbef5f8b684c7836a
SHA512

e95c98986e5373ff7e7b966b715365f403f84bfaf84424e2d845c660f291fbe2eac481e4d60e3dac7880b46b98c1b6d0072cd8ad8ced0fcb55b477fbf1fbaf6a
SSDEEP

12288:FKO/wWEa1a8Ldeu3YbgNNh5WmpYshXZPbGwidNpg1b:Fz8a1a6eumgNNh5WmD9idNpK

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

his-flush.gl.at.ply.gg:17098

Targets

- Target
  
  043da455c8eb9a5102994975cad4611d7cd2d7087c6a040bbef5f8b684c7836a.bin
- Size
  
  760KB
- MD5
  
  0dbf59580e90430ebe9702ca3c6e2d7a
- SHA1
  
  65020fb5e4af1066714e8cdd9719267062d70ebb
- SHA256
  
  043da455c8eb9a5102994975cad4611d7cd2d7087c6a040bbef5f8b684c7836a
- SHA512
  
  e95c98986e5373ff7e7b966b715365f403f84bfaf84424e2d845c660f291fbe2eac481e4d60e3dac7880b46b98c1b6d0072cd8ad8ced0fcb55b477fbf1fbaf6a
- SSDEEP
  
  12288:FKO/wWEa1a8Ldeu3YbgNNh5WmpYshXZPbGwidNpg1b:Fz8a1a6eumgNNh5WmD9idNpK
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation