Extracted

• • Target

    c5ce47d8f52bb506272a419099ec5d3935c8b95e9c1981bd963869a8c8d4a29e.bin

  • Size

    1.2MB

  • MD5

    d620f8e4c97e3c31d679f077abdac07c

  • SHA1

    35f4c65a416eab1b34a7a0574a67cc2ef29975c5

  • SHA256

    c5ce47d8f52bb506272a419099ec5d3935c8b95e9c1981bd963869a8c8d4a29e

  • SHA512

    b1a52635bd726ae8aaa20de557117e9373f81e9e7337952dd09652b7c62bbea180455e657e8ddc712066465c6c46e7c6ae930c1e75498429e9716211d02f8fb0

  • SSDEEP

    24576:yh+5WmD9idNp1HTg87MwEcpuYl0X2CyRNadNq1TBrm:TWk0d/1Tg87M+6G1R8dUTA

  Score

  10^/10

  spynotebankerdefense_evasiondiscoveryinfostealerpersistencerattrojan

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

    bankertrojaninfostealerratspynote

  • Spynote family

    spynote

  • Spynote payload

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Declares broadcast receivers with permission to handle system events

  • Declares services with permission to bind to the system

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence

  • Requests dangerous framework permissions

  behavioral1behavioral2

• • Target

    RpjH6OUSGw.apk

  • Size

    784KB

  • MD5

    d6e10b0d690c76847cc9662b6d4a52c4

  • SHA1

    332859c69805129b62f42b33a6ced40d5887dc16

  • SHA256

    f797422b592a371711d11e86f7d23b150bb7233399191eb3337376c2a2e7ea18

  • SHA512

    e191009d09be52a1cdfa8428d64579f788973d83d321f88c3db63f36fd64b7d26fd646ef1ead1eeea1a7e51760b6bbaa90cb976cbad4a071ed77669c1f0ad292

  • SSDEEP

    12288:6V1a1a8LzeJYU8AgVpsC5WmpYshXZPbGwidNpgtuA:m1a1ameJYBASpF5WmD9idNpah

  Score

  7^/10

  bankerdefense_evasiondiscoverypersistence

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  behavioral3behavioral4behavioral5