spynote | bcb12986fe8ba7e2e6d433f18416d236ce5bdc76456201ab3a529fa6cb7f92fe | Triage

Sharing

General

Target

Tarif_base.apk
Size

4.6MB
Sample

250127-pkby7axrhv
MD5

5db867f30b739f86186d449f747f590a
SHA1

3871729d78429ad2127d483d65a836a6c6e53128
SHA256

bcb12986fe8ba7e2e6d433f18416d236ce5bdc76456201ab3a529fa6cb7f92fe
SHA512

ac144a15c992e8f158d2bc38c661d172fd60ede8129e8604f2b42cce0f0a90451356cfa843466f5817049260557fb45da5f3bc77beb1114b14fbb51c2e487f87
SSDEEP

98304:GMQGOK0DIkAPAvLoSPrH2Q+J6pxQmzAzBxTa0t0MQ+yO79y:GMQpKEIkPPL2Q+qpzu57Wp

Score

10^/10

spynote android collection credential_access defense_evasion execution persistence

Malware Config

Targets

- Target
  
  Tarif_base.apk
- Size
  
  4.6MB
- MD5
  
  5db867f30b739f86186d449f747f590a
- SHA1
  
  3871729d78429ad2127d483d65a836a6c6e53128
- SHA256
  
  bcb12986fe8ba7e2e6d433f18416d236ce5bdc76456201ab3a529fa6cb7f92fe
- SHA512
  
  ac144a15c992e8f158d2bc38c661d172fd60ede8129e8604f2b42cce0f0a90451356cfa843466f5817049260557fb45da5f3bc77beb1114b14fbb51c2e487f87
- SSDEEP
  
  98304:GMQGOK0DIkAPAvLoSPrH2Q+J6pxQmzAzBxTa0t0MQ+yO79y:GMQpKEIkPPL2Q+qpzu57Wp
Score

7^/10

collection credential_access defense_evasion execution persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Requests enabling of the accessibility settings.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdefense_evasionexecutionpersistence

behavioral2

collectioncredential_accessdefense_evasionexecutionpersistence

behavioral3

collectioncredential_accessdefense_evasionexecutionpersistence

behavioral4

collectioncredential_accessdefense_evasionexecutionpersistence