spynote | e96a530a1e0520cc38871aa7d58c785ed6ad71ce8132757da786bccf464461b0 | Triage

Sharing

General

Target

e96a530a1e0520cc38871aa7d58c785ed6ad71ce8132757da786bccf464461b0.bin
Size

760KB
Sample

250205-1y2mjswkcp
MD5

9ff7144f8b76e7e3908ccf25882f0ce9
SHA1

ae45db48af54d5e0c665026f079b4bd80b23cd6f
SHA256

e96a530a1e0520cc38871aa7d58c785ed6ad71ce8132757da786bccf464461b0
SHA512

37f0e480caea4ca9203b6423c02ce1ff9d3a5591e2d30e71bf79c44a22f30055a368ae35e38bc76e3566cb104640531510aa06f4e504caa9b32662a2f230ea99
SSDEEP

12288:yoOVbtcYBNa1a8LzektiAscRB5WmpYshXZPbGwidNpgKG:ylBtHNa1amekVscRB5WmD9idNp+

Score

10^/10

spynote android banker defense_evasion discovery impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

AKASHamb-48302.portmap.host:48302

Targets

- Target
  
  e96a530a1e0520cc38871aa7d58c785ed6ad71ce8132757da786bccf464461b0.bin
- Size
  
  760KB
- MD5
  
  9ff7144f8b76e7e3908ccf25882f0ce9
- SHA1
  
  ae45db48af54d5e0c665026f079b4bd80b23cd6f
- SHA256
  
  e96a530a1e0520cc38871aa7d58c785ed6ad71ce8132757da786bccf464461b0
- SHA512
  
  37f0e480caea4ca9203b6423c02ce1ff9d3a5591e2d30e71bf79c44a22f30055a368ae35e38bc76e3566cb104640531510aa06f4e504caa9b32662a2f230ea99
- SSDEEP
  
  12288:yoOVbtcYBNa1a8LzektiAscRB5WmpYshXZPbGwidNpgKG:ylBtHNa1amekVscRB5WmD9idNp+
Score

7^/10

banker defense_evasion discovery impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdefense_evasiondiscoveryimpactpersistenceprivilege_escalation

behavioral2

bankerdefense_evasiondiscoverypersistence

behavioral3

bankerdefense_evasiondiscoveryimpactpersistenceprivilege_escalation