Overview

overview

10

Static

static

10

0694BC59A1...35.apk

android-9-x86

4

0694BC59A1...35.apk

android-10-x64

4

0694BC59A1...35.apk

android-11-x64

1

childapp.apk

android-9-x86

8

childapp.apk

android-10-x64

8

childapp.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0694BC59A108466E301D293A15BF2D7F4B6F7BA9EDB5F8849ECE23EE74B4C335.apk

  • Size

    6.4MB

  • Sample

    250115-qgnz1svpcn

  • MD5

    5b29084513c13457195a92d0bdc86797

  • SHA1

    254bea0a31fe7b0b4f5d2c6bf84f122f31b818ed

  • SHA256

    0694bc59a108466e301d293a15bf2d7f4b6f7ba9edb5f8849ece23ee74b4c335

  • SHA512

    0beda46552164726236602e1ea7711df7ad0539e7a4bd1e744ba288ff970825a7724c7e50763a3c614fda4cb2649bdda2958aa6dbc55832f0f814127c0c0720a

  • SSDEEP

    98304:h/fZ5kP0HimcD9gN8zjAOP3qC+jCyDrV+ZUIgECjMuh+/iX2So+kAbCAUDkWMfAq:h/frHimMiKfAOvqC+jCxCjL8iXtvkkko

Score
10/10
spynoteandroidbankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Extracted

Family

spynote

C2

170.238.45.124:7771

Targets

    • Target

      0694BC59A108466E301D293A15BF2D7F4B6F7BA9EDB5F8849ECE23EE74B4C335.apk

    • Size

      6.4MB

    • MD5

      5b29084513c13457195a92d0bdc86797

    • SHA1

      254bea0a31fe7b0b4f5d2c6bf84f122f31b818ed

    • SHA256

      0694bc59a108466e301d293a15bf2d7f4b6f7ba9edb5f8849ece23ee74b4c335

    • SHA512

      0beda46552164726236602e1ea7711df7ad0539e7a4bd1e744ba288ff970825a7724c7e50763a3c614fda4cb2649bdda2958aa6dbc55832f0f814127c0c0720a

    • SSDEEP

      98304:h/fZ5kP0HimcD9gN8zjAOP3qC+jCyDrV+ZUIgECjMuh+/iX2So+kAbCAUDkWMfAq:h/frHimMiKfAOvqC+jCxCjL8iXtvkkko

    Score
    4/10
    persistence
    behavioral1behavioral2behavioral3

    • Target

      childapp.apk

    • Size

      8.6MB

    • MD5

      886035021a1850a320c9e6ad0f6282b0

    • SHA1

      cf8ae6f9c222ab64c895865fd06491ba19dd0b97

    • SHA256

      b747e95a0d0fd3a04300dc47f4734bbf5e13572508e833410eec5b40b61f70d3

    • SHA512

      237f0943171168507cd107a33e7ea07260d9528ce38539e8cef145f9bc4291c0e3e6a26b8390c7e560455f70f6cfe8c8637e20b168295fc60ba9721cde9e5f82

    • SSDEEP

      98304:WazC1O5+H8X0QRi3tSmzDzBwTp0tstht9:WIC16k8XXStdzWGU9

    Score
    8/10
    bankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Acquires the wake lock

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about active data network

      discovery

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Requests enabling of the accessibility settings.

    behavioral4behavioral5behavioral6

MITRE ATT&CK Mobile v15

Tasks