spynote

General

Target

ELECTRICITY Bill.-__.apk
Size

4.6MB
Sample

250124-xwferatlgy
MD5

1a615c0aebf2d958181b727de8815736
SHA1

54800a51c1ebc3aa4cdbe37b7b3cbc9314bdb22a
SHA256

2a33c6347c4b4c95e2437075a025a8b9337291d48500224b954e32cb395df678
SHA512

bb0c3dcefb04a64d0d08f4f36cf381c226c6577db49f98246394624b9b958d4c1dfd7a6b20938dd6af562b5eb61dab9dc03db1f980f113b44e1a0af2f8166fa5
SSDEEP

98304:sUAWRjSD2kDiHAkLk4t6TVOHrcuVorbgxoJhEhkNUGBQp:rSD2kDvSk4IpOHrchbgkEhkvw

Score

10^/10

Malware Config

Targets

- Target
  
  ELECTRICITY Bill.-__.apk
- Size
  
  4.6MB
- MD5
  
  1a615c0aebf2d958181b727de8815736
- SHA1
  
  54800a51c1ebc3aa4cdbe37b7b3cbc9314bdb22a
- SHA256
  
  2a33c6347c4b4c95e2437075a025a8b9337291d48500224b954e32cb395df678
- SHA512
  
  bb0c3dcefb04a64d0d08f4f36cf381c226c6577db49f98246394624b9b958d4c1dfd7a6b20938dd6af562b5eb61dab9dc03db1f980f113b44e1a0af2f8166fa5
- SSDEEP
  
  98304:sUAWRjSD2kDiHAkLk4t6TVOHrcuVorbgxoJhEhkNUGBQp:rSD2kDvSk4IpOHrchbgkEhkvw
Score

10^/10

spynote banker collection credential_access defense_evasion discovery evasion execution infostealer persistence rat trojan
- Spynote
  Spynote is a Remote Access Trojan first seen in 2017.
  banker trojan infostealer rat spynote
- Spynote family
  spynote
- Spynote payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Requests enabling of the accessibility settings.
behavioral1 behavioral2 behavioral3 behavioral4