spynote | 87106c2406f1fc2920ba45adc65d275e9f9224f0572b54247a44eb5514f896b9 | Triage

Sharing

General

Target

87106c2406f1fc2920ba45adc65d275e9f9224f0572b54247a44eb5514f896b9.bin
Size

4.6MB
Sample

250209-1w8m3svmaw
MD5

fce76148e56cb8fe5c7e6909d9536e99
SHA1

00e19b74fb75abc79e7772a4adbcab5c342a58c3
SHA256

87106c2406f1fc2920ba45adc65d275e9f9224f0572b54247a44eb5514f896b9
SHA512

755322b5130af78d658a7005508b70ae0b63cae035e9752508924c7c1b65a366525df77b9d4ed31b6261f4790ea1238c519b42bb240cd1c05b303aafdd046a57
SSDEEP

98304:+U+WRcSSw8gUC9tN3rM9SpV+i8wjdwb8LvX5J7pHr0CbGBw:YSS9CDxrM9Spvdw4L/pHr0r+

Score

10^/10

spynote android banker collection credential_access defense_evasion evasion execution infostealer persistence rat trojan

Malware Config

Targets

- Target
  
  87106c2406f1fc2920ba45adc65d275e9f9224f0572b54247a44eb5514f896b9.bin
- Size
  
  4.6MB
- MD5
  
  fce76148e56cb8fe5c7e6909d9536e99
- SHA1
  
  00e19b74fb75abc79e7772a4adbcab5c342a58c3
- SHA256
  
  87106c2406f1fc2920ba45adc65d275e9f9224f0572b54247a44eb5514f896b9
- SHA512
  
  755322b5130af78d658a7005508b70ae0b63cae035e9752508924c7c1b65a366525df77b9d4ed31b6261f4790ea1238c519b42bb240cd1c05b303aafdd046a57
- SSDEEP
  
  98304:+U+WRcSSw8gUC9tN3rM9SpV+i8wjdwb8LvX5J7pHr0CbGBw:YSS9CDxrM9Spvdw4L/pHr0r+
Score

10^/10

spynote banker collection credential_access defense_evasion evasion execution infostealer persistence rat trojan
- Spynote
  Spynote is a Remote Access Trojan first seen in 2017.
  banker trojan infostealer rat spynote
- Spynote family
  spynote
- Spynote payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

spynotebankercollectioncredential_accessdefense_evasionevasionexecutioninfostealerpersistencerattrojan

behavioral2

spynotebankercollectioncredential_accessdefense_evasionevasionexecutioninfostealerpersistencerattrojan