spynote | 07af81bc89106c90817169982ca17507e06d1c51a01299be8e74182911667a17 | Triage

Resubmissions

15-01-2025 10:47

250115-mv1dessldr 10

15-01-2025 09:36

250115-lk6l1szrgq 10

15-01-2025 09:31

250115-lhafsszram 10

Sharing

General

Target

ready_at_split_minify_en.apk
Size

9.6MB
Sample

250115-mv1dessldr
MD5

71b20aa39ec449cc62bc15eb494091b4
SHA1

a6c239862f8e3bc877cccde929e39c0d5e042013
SHA256

07af81bc89106c90817169982ca17507e06d1c51a01299be8e74182911667a17
SHA512

fed9b99ebbc21686102920de55331cc9ee33867f930463baed76599e3bd87cacd12213df3939803ecd273ff3d694172281f3f506e550e8786c509fbdbbde3bb4
SSDEEP

98304:ebEzBhTvmznN74jzI2om80LWBkkfjseJMxDc+5o0tiIVOiy9GV6BB:d+znN7L2ztYkoseJIYcifi+GEB

Score

10^/10

spynote android banker collection credential_access discovery evasion execution persistence

Malware Config

Targets

- Target
  
  ready_at_split_minify_en.apk
- Size
  
  9.6MB
- MD5
  
  71b20aa39ec449cc62bc15eb494091b4
- SHA1
  
  a6c239862f8e3bc877cccde929e39c0d5e042013
- SHA256
  
  07af81bc89106c90817169982ca17507e06d1c51a01299be8e74182911667a17
- SHA512
  
  fed9b99ebbc21686102920de55331cc9ee33867f930463baed76599e3bd87cacd12213df3939803ecd273ff3d694172281f3f506e550e8786c509fbdbbde3bb4
- SSDEEP
  
  98304:ebEzBhTvmznN74jzI2om80LWBkkfjseJMxDc+5o0tiIVOiy9GV6BB:d+znN7L2ztYkoseJIYcifi+GEB
Score

7^/10

banker collection credential_access discovery evasion execution persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral2

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

behavioral3

bankercollectioncredential_accessdiscoveryevasionexecutionpersistence