spynote | c2a7d0ae4f95a2e2de81357948afad740f76c7a2fb7f77917316dd5d5f17d9ca

Analysis

max time kernel
7s
max time network
151s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
14-02-2025 04:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2a7d0ae4f95a2e2de81357948afad740f76c7a2fb7f77917316dd5d5f17d9ca.apk
Size

60.0MB
MD5

b0081c7a5101d0a2b6d9ad4df983bb29
SHA1

c2afd70af6cf2f2c185b1a0a5efe9fda6420f21b
SHA256

c2a7d0ae4f95a2e2de81357948afad740f76c7a2fb7f77917316dd5d5f17d9ca
SHA512

fd1b9513c22cee8d5413e520ffc597b230d61c705667f0f649083cc690b479ecbd440f6756f65e794788809d65c0052b7f91308ee44b0a405618307f338b3eea
SSDEEP

1572864:V8OBXNBCV8S11b3UZ/LK117L3GEXUoVlkaVhEv1hWEYqotjXw:V8cBCuS11bElKb7rHUmSaHE9hdl

Score

10^/10

spynote banker evasion impact infostealer rat trojan

Malware Config

Extracted

Family

spynote

147.189.171.248:7771

Signatures

Spynote
Spynote is a Remote Access Trojan first seen in 2017.
banker trojan infostealer rat spynote
Spynote family
spynote

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/holiday.scales.soldiers/app_ded/LbvuFmHBT40b1ARkknK05csfSr5XmNYs.dex	4413	holiday.scales.soldiers

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	holiday.scales.soldiers

holiday.scales.soldiers
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4413

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact