General

  • Target

    gratisapp.apk

  • Size

    11.2MB

  • Sample

    250215-x8fw2szrak

  • MD5

    f73d3cb67bdddc4190667b832c983b76

  • SHA1

    0c8bc6a13fbacd620efe886cbc35e596d961eaaf

  • SHA256

    17fa2e94cfd51302e10620e2a3e6ceeb860259973fc7d915ed1c613ad965c062

  • SHA512

    9b1b4b9dab94e910391cd7e36136da48cd5b7a14c19c2a65118430f7bf8a0158bfb80a559b2489ce123c46a40d229607e5f9791e3d65bb28209620b798a2fcfd

  • SSDEEP

    196608:4QGu8ia1Eh44+KM5uy7aXst8Rf1oCALDoJKrN1fdgL/7fBEKXzxLYkZDiWc5RA35:8u8N1Eu4+gfxV1oZ5xafBFLYkg55iJ3

Malware Config

Extracted

Family

spynote

C2

158.69.12.143:5555

Targets

    • Target

      gratisapp.apk

    • Size

      11.2MB

    • MD5

      f73d3cb67bdddc4190667b832c983b76

    • SHA1

      0c8bc6a13fbacd620efe886cbc35e596d961eaaf

    • SHA256

      17fa2e94cfd51302e10620e2a3e6ceeb860259973fc7d915ed1c613ad965c062

    • SHA512

      9b1b4b9dab94e910391cd7e36136da48cd5b7a14c19c2a65118430f7bf8a0158bfb80a559b2489ce123c46a40d229607e5f9791e3d65bb28209620b798a2fcfd

    • SSDEEP

      196608:4QGu8ia1Eh44+KM5uy7aXst8Rf1oCALDoJKrN1fdgL/7fBEKXzxLYkZDiWc5RA35:8u8N1Eu4+gfxV1oZ5xafBFLYkg55iJ3

    • Score

      4/10

    • Target

      childapp.apk

    • Size

      4.8MB

    • MD5

      367f297264492af7cdb88545fb027b76

    • SHA1

      adf49bc560247cc6ea9a6a40a685012398b1d80e

    • SHA256

      e88b26885c9e7097aaf35689cfc51d864a0b93b4fd7275424e9e1833a56b24a3

    • SHA512

      dc710d0cb5cb1f0556d7902e464137f5a145f4b956766824b49ddf8c83adb07331031ad4d67c51fbd1451a395d1ec80cb6342f439fa4432c57b8fedd4cb89df2

    • SSDEEP

      98304:zQGvm8zuwU6lk2/6iXKuViEKao7URzB9T90trOmzMqCBOBCoyC3d5I:zQGu8SwUqklGzViEKao7CytzgBaXt6

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
