spynote | e304b4bb2ca1f008c7defad5786423f3e9627f0f6c567d69eaad65c30075d578 | Triage

Sharing

General

Target

e304b4bb2ca1f008c7defad5786423f3e9627f0f6c567d69eaad65c30075d578.bin
Size

760KB
Sample

250215-1xnz3axjd1
MD5

3cb09f27e3c68ec9b9b899975c2f9901
SHA1

9da49ba682ba51223ed739f4ee624bcc9f2bc21e
SHA256

e304b4bb2ca1f008c7defad5786423f3e9627f0f6c567d69eaad65c30075d578
SHA512

e556b64b040a6b8526107ddc43b1b4b152d5d1da8b35dedc6ccf25f3df5a355d19abfe083ed25fcf0974c9cf504f501aeeb0941e95ddf189fafc0e28ff082c11
SSDEEP

12288:rYcNa1a8LreM7qPlnRKS5WmpYshXZPbGwidNpgFtf:rTa1a2eMolnRKS5WmD9idNpaf

Score

10^/10

spynote android banker defense_evasion discovery impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

192.168.1.101:9595

Targets

- Target
  
  e304b4bb2ca1f008c7defad5786423f3e9627f0f6c567d69eaad65c30075d578.bin
- Size
  
  760KB
- MD5
  
  3cb09f27e3c68ec9b9b899975c2f9901
- SHA1
  
  9da49ba682ba51223ed739f4ee624bcc9f2bc21e
- SHA256
  
  e304b4bb2ca1f008c7defad5786423f3e9627f0f6c567d69eaad65c30075d578
- SHA512
  
  e556b64b040a6b8526107ddc43b1b4b152d5d1da8b35dedc6ccf25f3df5a355d19abfe083ed25fcf0974c9cf504f501aeeb0941e95ddf189fafc0e28ff082c11
- SSDEEP
  
  12288:rYcNa1a8LreM7qPlnRKS5WmpYshXZPbGwidNpgFtf:rTa1a2eMolnRKS5WmD9idNpaf
Score

7^/10

banker defense_evasion discovery impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdefense_evasiondiscoveryimpactpersistenceprivilege_escalation

behavioral2

bankerdefense_evasiondiscoverypersistence

behavioral3

bankerdefense_evasiondiscoveryimpactpersistenceprivilege_escalation