spynote | hxxps://github[.]com/gov-uk/GOV[.]UK

Analysis

max time kernel
30s
max time network
204s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
17-01-2025 15:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/gov-uk/GOV.UK

Score

10^/10

spynote banker infostealer rat trojan

Malware Config

Signatures

Spynote
Spynote is a Remote Access Trojan first seen in 2017.
banker trojan infostealer rat spynote
Spynote family
spynote

Spynote payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-4.dat	family_spynote

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
31	raw.githubusercontent.com
30	raw.githubusercontent.com

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.chrome

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Android/data/com.android.chrome/files/Download/.com.google.Chrome.DBac0x

Filesize
254KB

MD5
b8b32421745406972c418b6f393449eb

SHA1
bcbc77817f0a7eb3a3f4e06858a35f4bc6e965f2

SHA256
39b4980228fc3a25140c33d14818642b60e1fb341148bd6ad9a15481b32b1225

SHA512
c81fa42f8383bb196ecc96d60860729931c91bfadf7721115d5e20049c735ad1281de6c09c58b688e3116887686bbec137c61b005ea91e25eac1c0a8490530ca

Download Submit
/storage/emulated/0/Android/data/com.android.chrome/files/Download/Unconfirmed 30940.crdownload

Filesize
14.4MB

MD5
e110925bc8236679b532b7e303a2ef4e

SHA1
baa76e8fe7d9824589ee8460088ff5678c3cc589

SHA256
73672e858e969f1994a173fb57dc50726161575c11ca9ea464dddab7315da8e5

SHA512
fca019d634dae824b68a1b8cc739d79862019df3f59efe0e00c4648d604eeb25b1b6cd349c70406a5de773d9271333291cb5f79a6e3b1013d7a0cc2905fc1d6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads