spynote | 43f89068d07e05ccb9fd41d3ee1509b246e34aac178e7d2b3d2a8014e7ca888c | Triage

Sharing

General

Target

43f89068d07e05ccb9fd41d3ee1509b246e34aac178e7d2b3d2a8014e7ca888c.bin
Size

3.6MB
Sample

250120-1wzeea1pdv
MD5

accf309549c264fd00d3493ab8d98143
SHA1

68e4ef878509de2afa6114e0582d5cc8d61a0392
SHA256

43f89068d07e05ccb9fd41d3ee1509b246e34aac178e7d2b3d2a8014e7ca888c
SHA512

5ae67ca49d8ea2b7eaccc3e2d9ab4c2020b9e63bbe3b8dbdf5a48b668552367fd75b0c28e1eb592d077e25e08471bdfdac1d3231274ea8c0233da0a0699c9bb8
SSDEEP

98304:mKYTHe+++L6N6cjvFXHj7REVcMnzfrsdPqI:lYa+LeEcjvFXXREVcMmL

Score

10^/10

spynote android banker defense_evasion discovery impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

important-focal.gl.at.ply.gg:24318

Targets

- Target
  
  43f89068d07e05ccb9fd41d3ee1509b246e34aac178e7d2b3d2a8014e7ca888c.bin
- Size
  
  3.6MB
- MD5
  
  accf309549c264fd00d3493ab8d98143
- SHA1
  
  68e4ef878509de2afa6114e0582d5cc8d61a0392
- SHA256
  
  43f89068d07e05ccb9fd41d3ee1509b246e34aac178e7d2b3d2a8014e7ca888c
- SHA512
  
  5ae67ca49d8ea2b7eaccc3e2d9ab4c2020b9e63bbe3b8dbdf5a48b668552367fd75b0c28e1eb592d077e25e08471bdfdac1d3231274ea8c0233da0a0699c9bb8
- SSDEEP
  
  98304:mKYTHe+++L6N6cjvFXHj7REVcMnzfrsdPqI:lYa+LeEcjvFXXREVcMmL
Score

7^/10

banker defense_evasion discovery impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdefense_evasiondiscoveryimpactpersistenceprivilege_escalation

behavioral2

bankerdefense_evasiondiscoverypersistence

behavioral3

bankerdefense_evasiondiscoveryimpactpersistenceprivilege_escalation