spynote | 4ff9f0e6d9043467b530dcd189cbcf281a9a6608b9f7452a4d0dc237e95dbb01 | Triage

Sharing

General

Target

4ff9f0e6d9043467b530dcd189cbcf281a9a6608b9f7452a4d0dc237e95dbb01.bin
Size

751KB
Sample

250119-1z8r9axrhx
MD5

aaf78d4fc5fb60b03f0bd524f0b8e701
SHA1

f8f7ac08b4c940b4c9eaada69671adf93a85253d
SHA256

4ff9f0e6d9043467b530dcd189cbcf281a9a6608b9f7452a4d0dc237e95dbb01
SHA512

bc9550b22e483a0827b89815c980b763c90fbf2e923604c5ecca37322bc3e73b27f848cf0b1b0ae72c1cf899afb877a55fef2e321085480ed5f785a44dd03cb6
SSDEEP

12288:GMJ6sgRQLzQCEf8xEt5WmpYshXZPbGwidNpgUc:FJ6sjLzQXf8xEt5WmD9idNpq

Score

10^/10

spynote android banker discovery evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

helloGBOARD42-55713.portmap.host:55713

Targets

- Target
  
  4ff9f0e6d9043467b530dcd189cbcf281a9a6608b9f7452a4d0dc237e95dbb01.bin
- Size
  
  751KB
- MD5
  
  aaf78d4fc5fb60b03f0bd524f0b8e701
- SHA1
  
  f8f7ac08b4c940b4c9eaada69671adf93a85253d
- SHA256
  
  4ff9f0e6d9043467b530dcd189cbcf281a9a6608b9f7452a4d0dc237e95dbb01
- SHA512
  
  bc9550b22e483a0827b89815c980b763c90fbf2e923604c5ecca37322bc3e73b27f848cf0b1b0ae72c1cf899afb877a55fef2e321085480ed5f785a44dd03cb6
- SSDEEP
  
  12288:GMJ6sgRQLzQCEf8xEt5WmpYshXZPbGwidNpgUc:FJ6sjLzQXf8xEt5WmD9idNpq
Score

7^/10

banker discovery evasion impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistenceprivilege_escalation

behavioral2

bankerdiscovery

behavioral3

bankerdiscoveryevasionimpactpersistenceprivilege_escalation