spynote | 4f381258318f1884ecd68822131ce0bf0d7d68f926531dfb2d78bb979bd26f3c

Sharing

General

Target

ready_Signed_Dropper.apk
Size

5.6MB
Sample

250215-1hnezswkg1
MD5

2a91d282b2eda3ab9633b71cfb5cfe9a
SHA1

be4b0efc574d9de6804998e87fa6044885472a8b
SHA256

4f381258318f1884ecd68822131ce0bf0d7d68f926531dfb2d78bb979bd26f3c
SHA512

ea12cff2fe1db1de9ff4196ab5ec50e9390f4b2b9aa00545b9b37c08dff2e7cd78eccd5ca857392195e32fac6df580304d74e208cbe8f3d3d07d26e903383f03
SSDEEP

98304:4rz0l7BrCZr+4XLIXVQhn+gRQJlrqk+xfX1IOXO3ST/OeIhrgjX47fcW0asVIH90:4rfZ5XMXajOrqkyaO+WOLb7f4HIK

Score

10^/10

Malware Config

Targets

- Target
  
  ready_Signed_Dropper.apk
- Size
  
  5.6MB
- MD5
  
  2a91d282b2eda3ab9633b71cfb5cfe9a
- SHA1
  
  be4b0efc574d9de6804998e87fa6044885472a8b
- SHA256
  
  4f381258318f1884ecd68822131ce0bf0d7d68f926531dfb2d78bb979bd26f3c
- SHA512
  
  ea12cff2fe1db1de9ff4196ab5ec50e9390f4b2b9aa00545b9b37c08dff2e7cd78eccd5ca857392195e32fac6df580304d74e208cbe8f3d3d07d26e903383f03
- SSDEEP
  
  98304:4rz0l7BrCZr+4XLIXVQhn+gRQJlrqk+xfX1IOXO3ST/OeIhrgjX47fcW0asVIH90:4rfZ5XMXajOrqkyaO+WOLb7f4HIK
Score

4^/10

persistence
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  childapp.apk
- Size
  
  9.5MB
- MD5
  
  f32e6560c2a0415a047a8b47245d8660
- SHA1
  
  1f8a011791a261ab58d704f35b5f484717d11982
- SHA256
  
  fccdd32cbd9e4433319f80757d04fc5d7ffa4511fde62b4d0e6bad460cfaf39c
- SHA512
  
  60131ccbeb93a477dcf6d289342c857a1337adb696ff6027df857f2375dc93cae1a1191a422d695f1f0de9d9bdb40ad1292eea113866e5e2b522f7db5f1bb13b
- SSDEEP
  
  98304:kmn3D6nGRfWPbyYk0fvSlXiOdzz1hJTAudmzU3zByTG0tVKuaKO:X3VybyYk6DOzZ/AuwzUUNi
Score

7^/10

banker collection credential_access defense_evasion discovery evasion execution impact persistence privilege_escalation
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Tries to add a device administrator.
  privilege_escalation impact
behavioral5 behavioral6 behavioral7 behavioral8