General

  • Target

    99f467c30f21644ce9d7e060330cafdf082c9798dc151226271309071c83c6e5.apk

  • Size

    775KB

  • Sample

    250208-c24djs1pfj

  • MD5

    8d2b88688ed3d7950ccff78679fe1be6

  • SHA1

    afa616d624875bf2c0bc966b0afdaf52d3b3409d

  • SHA256

    99f467c30f21644ce9d7e060330cafdf082c9798dc151226271309071c83c6e5

  • SHA512

    b8b5a369a26676a3ec601cf078962aa31470f5083ae90fed190a954208ba969eca0a6b41dea2eb9b5debc75a7515335e1b34e06b820ff2ff8627b7e3b251e400

  • SSDEEP

    12288:U4XuJ6sgRwLzODskNNYOX5WmpYshXZPbGwidNpgX2:UnJ6sbLzODpNaOX5WmD9idNpN

Malware Config

Extracted

Family

spynote

C2

6.tcp.eu.ngrok.io:16230

Targets

    • Queries the list of all installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

MITRE ATT&CK Mobile v15

Tasks