spynote | 5ebf58cb88eeca88866326c1ec68fb06679645f9dde9917e35dc82ab6081f8c4 | Triage

Sharing

General

Target

5ebf58cb88eeca88866326c1ec68fb06679645f9dde9917e35dc82ab6081f8c4.bin
Size

1.5MB
Sample

250116-1xcl2asjbn
MD5

1a1380ed0cf0cf2e66c730bbc71449bd
SHA1

b9d7a435d430f574dd4f7405cb6786dde382684f
SHA256

5ebf58cb88eeca88866326c1ec68fb06679645f9dde9917e35dc82ab6081f8c4
SHA512

1b03835c1581f0aa4773cb2db8a14e2911ee04afdc3e344ac6fdb12455382c82e57ccb6604e3c9c9265361760df148eae3298446ee5f8064e68afcf7154ccf79
SSDEEP

24576:Sa1a2eOpXnqkT2OQboUuoFcKfp10U3r9ndMk5bVh5WmD9idNpCs:Sa1aInqI2OQboUuoGk7xuk5dWk0d/Cs

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

updates-introductory.gl.at.ply.gg:60950

Targets

- Target
  
  5ebf58cb88eeca88866326c1ec68fb06679645f9dde9917e35dc82ab6081f8c4.bin
- Size
  
  1.5MB
- MD5
  
  1a1380ed0cf0cf2e66c730bbc71449bd
- SHA1
  
  b9d7a435d430f574dd4f7405cb6786dde382684f
- SHA256
  
  5ebf58cb88eeca88866326c1ec68fb06679645f9dde9917e35dc82ab6081f8c4
- SHA512
  
  1b03835c1581f0aa4773cb2db8a14e2911ee04afdc3e344ac6fdb12455382c82e57ccb6604e3c9c9265361760df148eae3298446ee5f8064e68afcf7154ccf79
- SSDEEP
  
  24576:Sa1a2eOpXnqkT2OQboUuoFcKfp10U3r9ndMk5bVh5WmD9idNpCs:Sa1aInqI2OQboUuoGk7xuk5dWk0d/Cs
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscoveryevasionpersistence

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation