spynote | d9ee83a9495a3967eb5e097176c8d395a6952b8de734406a8d175e91bd0c6d16 | Triage

Sharing

General

Target

d9ee83a9495a3967eb5e097176c8d395a6952b8de734406a8d175e91bd0c6d16.bin
Size

760KB
Sample

250123-1z4hjaxlek
MD5

fefb8a2b8c21dc7ac82f61d8a5213fa4
SHA1

1c7f58e396825bf29437ca3ee3cd60a1879f7be6
SHA256

d9ee83a9495a3967eb5e097176c8d395a6952b8de734406a8d175e91bd0c6d16
SHA512

7531821c663fdd5b67b6fa67f07e287923e21da88fe7d9d61b3aeb20333bf57980c3bdc1db71c0de14fe163cee1c9837cf8c6ca0ac77c557f5f51160551c1e22
SSDEEP

12288:fqGCja1a8Lze9Z52bOskK5WmpYshXZPbGwidNpgST8:f2a1ame9ybOskK5WmD9idNpP8

Score

10^/10

spynote android banker defense_evasion discovery impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

located-java.gl.at.ply.gg:20128

Targets

- Target
  
  d9ee83a9495a3967eb5e097176c8d395a6952b8de734406a8d175e91bd0c6d16.bin
- Size
  
  760KB
- MD5
  
  fefb8a2b8c21dc7ac82f61d8a5213fa4
- SHA1
  
  1c7f58e396825bf29437ca3ee3cd60a1879f7be6
- SHA256
  
  d9ee83a9495a3967eb5e097176c8d395a6952b8de734406a8d175e91bd0c6d16
- SHA512
  
  7531821c663fdd5b67b6fa67f07e287923e21da88fe7d9d61b3aeb20333bf57980c3bdc1db71c0de14fe163cee1c9837cf8c6ca0ac77c557f5f51160551c1e22
- SSDEEP
  
  12288:fqGCja1a8Lze9Z52bOskK5WmpYshXZPbGwidNpgST8:f2a1ame9ybOskK5WmD9idNpP8
Score

7^/10

banker defense_evasion discovery impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdefense_evasiondiscoveryimpactpersistenceprivilege_escalation

behavioral2

bankerdefense_evasiondiscoverypersistence

behavioral3

bankerdefense_evasiondiscoveryimpactpersistenceprivilege_escalation