spynote | 28c7b7aa845043671432ab4a743f0821cf14d5a4747d6fa6d8f177f5e90cbafe | Triage

Sharing

General

Target

client.apk
Size

760KB
Sample

250116-tnddmsyqbn
MD5

16fac5532ebd228c0543adb9f6c39e41
SHA1

0ab3a40bbfdd1203c3f730ff10cd8210fe3366d0
SHA256

28c7b7aa845043671432ab4a743f0821cf14d5a4747d6fa6d8f177f5e90cbafe
SHA512

f77c777b57b4588f0964c17c733aec258a5920d4d2afb5468150e1b18b18973777fc9475e462cccba041fe13076b2b46846df79edc62797cb0b571371c92ee8a
SSDEEP

12288:nuwCBGIha1a8Lze2foT8RNx5WmpYshXZPbGwidNpggO:n6ha1ame2S8RNx5WmD9idNp0

Score

10^/10

spynote android banker discovery evasion stealth trojan

Malware Config

Extracted

Family

spynote

C2

result-genres.gl.at.ply.gg:4517

Targets

- Target
  
  client.apk
- Size
  
  760KB
- MD5
  
  16fac5532ebd228c0543adb9f6c39e41
- SHA1
  
  0ab3a40bbfdd1203c3f730ff10cd8210fe3366d0
- SHA256
  
  28c7b7aa845043671432ab4a743f0821cf14d5a4747d6fa6d8f177f5e90cbafe
- SHA512
  
  f77c777b57b4588f0964c17c733aec258a5920d4d2afb5468150e1b18b18973777fc9475e462cccba041fe13076b2b46846df79edc62797cb0b571371c92ee8a
- SSDEEP
  
  12288:nuwCBGIha1a8Lze2foT8RNx5WmpYshXZPbGwidNpggO:n6ha1ame2S8RNx5WmD9idNp0
Score

8^/10

banker discovery evasion stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdiscoveryevasionstealthtrojan