General

  • Target

    bce84f85e5a81c19550c4e8f64aa076ba1510d4239f376780e182064e0d71a85.bin

  • Size

    768KB

  • Sample

    250122-12hc3syjev

  • MD5

    3b590d3391c36981c2dc786eba22d170

  • SHA1

    48cd908f1ec3c414c25037a453d0a31ed048a382

  • SHA256

    bce84f85e5a81c19550c4e8f64aa076ba1510d4239f376780e182064e0d71a85

  • SHA512

    91bf457e71df049361c4f5e2f4593588a865eeb1d4e38539a8eac4912604d2c789addedf13f921ed7f6a74a71db935ffece57d84988c0a353a445eb96e6a3fbe

  • SSDEEP

    12288:Epa1a8LrehXdAGo7ooY5WmpYshXZPbGwidNpg/WuQ63/:4a1a2ehGGyooY5WmD9idNp5U

Malware Config

Extracted

Family

spynote

C2

192.168.0.64:4444

Targets

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks