spynote | de93342c8cb8cdebe5685207fbf50871e5138b2bce5702c9b062ce26478741d4 | Triage

Sharing

General

Target

de93342c8cb8cdebe5685207fbf50871e5138b2bce5702c9b062ce26478741d4.bin
Size

1.9MB
Sample

250216-1wsa4azmgp
MD5

4ab127b61a9e946894192fe134a9fc18
SHA1

39a97219926eccb72d0ca8014225f8b9078a4401
SHA256

de93342c8cb8cdebe5685207fbf50871e5138b2bce5702c9b062ce26478741d4
SHA512

a4a4e50166507642e7653472c11571d5bce2c30c7563493348466b91a468ecafc4c20a98b879e428e7fc994bfde911e563a1f73672dd649be064a22a659be6d1
SSDEEP

49152:HxIvEQR5iBABSj/F4JuYB9Q0tdHljzbRFbFbNa6fvNez:qvEQ6BA0/F4JuYTfzpFBaf

Score

10^/10

spynote android banker defense_evasion discovery impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

147.185.221.26:7576

Targets

- Target
  
  de93342c8cb8cdebe5685207fbf50871e5138b2bce5702c9b062ce26478741d4.bin
- Size
  
  1.9MB
- MD5
  
  4ab127b61a9e946894192fe134a9fc18
- SHA1
  
  39a97219926eccb72d0ca8014225f8b9078a4401
- SHA256
  
  de93342c8cb8cdebe5685207fbf50871e5138b2bce5702c9b062ce26478741d4
- SHA512
  
  a4a4e50166507642e7653472c11571d5bce2c30c7563493348466b91a468ecafc4c20a98b879e428e7fc994bfde911e563a1f73672dd649be064a22a659be6d1
- SSDEEP
  
  49152:HxIvEQR5iBABSj/F4JuYB9Q0tdHljzbRFbFbNa6fvNez:qvEQ6BA0/F4JuYTfzpFBaf
Score

7^/10

banker defense_evasion discovery impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdefense_evasiondiscoveryimpactpersistenceprivilege_escalation

behavioral2

bankerdefense_evasiondiscoverypersistence

behavioral3

bankerdefense_evasiondiscoveryimpactpersistenceprivilege_escalation