spynote | 265b71a90e6d88bdfc9d298aadbf009d1ae942c86fea23f9c3f530dc02783885 | Triage

Sharing

General

Target

265b71a90e6d88bdfc9d298aadbf009d1ae942c86fea23f9c3f530dc02783885.bin
Size

4.6MB
Sample

250216-1wrpkazmgm
MD5

b9cd25bebd85d52a8135dea3b109be08
SHA1

a682c33285c1a5ad67014581b08968858ed746cb
SHA256

265b71a90e6d88bdfc9d298aadbf009d1ae942c86fea23f9c3f530dc02783885
SHA512

ad09224a5ea55c2ffca3ea4bf7bb14725981c9642677d102d43db6435e75bb6ae93bd1db92a5b61b6167f0977a43ec1890bb2eaed3c3d259bd83d7f5a2f0abe1
SSDEEP

98304:ioUBWR6SQ8G16vWX0PQkgTLwUf2fraXM5r4LISxJ5yt7mnEGBK:ijSQ313kg3wUfml5riIIyt7mNw

Score

10^/10

spynote android banker collection credential_access defense_evasion evasion execution infostealer persistence rat trojan

Malware Config

Targets

- Target
  
  265b71a90e6d88bdfc9d298aadbf009d1ae942c86fea23f9c3f530dc02783885.bin
- Size
  
  4.6MB
- MD5
  
  b9cd25bebd85d52a8135dea3b109be08
- SHA1
  
  a682c33285c1a5ad67014581b08968858ed746cb
- SHA256
  
  265b71a90e6d88bdfc9d298aadbf009d1ae942c86fea23f9c3f530dc02783885
- SHA512
  
  ad09224a5ea55c2ffca3ea4bf7bb14725981c9642677d102d43db6435e75bb6ae93bd1db92a5b61b6167f0977a43ec1890bb2eaed3c3d259bd83d7f5a2f0abe1
- SSDEEP
  
  98304:ioUBWR6SQ8G16vWX0PQkgTLwUf2fraXM5r4LISxJ5yt7mnEGBK:ijSQ313kg3wUfml5riIIyt7mNw
Score

10^/10

spynote banker collection credential_access defense_evasion evasion execution infostealer persistence rat trojan
- Spynote
  Spynote is a Remote Access Trojan first seen in 2017.
  banker trojan infostealer rat spynote
- Spynote family
  spynote
- Spynote payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

spynotebankercollectioncredential_accessdefense_evasionevasionexecutioninfostealerpersistencerattrojan

behavioral2

spynotebankercollectioncredential_accessdefense_evasionevasionexecutioninfostealerpersistencerattrojan