spynote | 26b0dafcbae8852d891471389446a008578887da16c75db96aa0083108905822 | Triage

Sharing

General

Target

26b0dafcbae8852d891471389446a008578887da16c75db96aa0083108905822.bin
Size

885KB
Sample

250218-11y97sskx2
MD5

cbc36a4d9dbc2afae471257db217516f
SHA1

f921ca9d0bed831e72e58aed25bdbc957741af6d
SHA256

26b0dafcbae8852d891471389446a008578887da16c75db96aa0083108905822
SHA512

2f7ced7705a24fda30cfd0e237ece1ab2db825d1e0d7be0d3b7d798daf9275b1b3dbdc65353ddd4a3fb5038e2263d237f40454195cbf170d595737bf057c52b5
SSDEEP

12288:SPFa1a8LdeWLG6uFpLuFRO5qay5WmpYshXZPbGwidNpg9Rx:SNa1a6eWqlpSFbay5WmD9idNpi

Score

10^/10

spynote android banker defense_evasion discovery impact persistence privilege_escalation

Malware Config

Extracted

Family

spynote

C2

started-deadline.gl.at.ply.gg:12147

Targets

- Target
  
  26b0dafcbae8852d891471389446a008578887da16c75db96aa0083108905822.bin
- Size
  
  885KB
- MD5
  
  cbc36a4d9dbc2afae471257db217516f
- SHA1
  
  f921ca9d0bed831e72e58aed25bdbc957741af6d
- SHA256
  
  26b0dafcbae8852d891471389446a008578887da16c75db96aa0083108905822
- SHA512
  
  2f7ced7705a24fda30cfd0e237ece1ab2db825d1e0d7be0d3b7d798daf9275b1b3dbdc65353ddd4a3fb5038e2263d237f40454195cbf170d595737bf057c52b5
- SSDEEP
  
  12288:SPFa1a8LdeWLG6uFpLuFRO5qay5WmpYshXZPbGwidNpg9Rx:SNa1a6eWqlpSFbay5WmD9idNpi
Score

7^/10

banker defense_evasion discovery impact persistence privilege_escalation
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdefense_evasiondiscoveryimpactpersistenceprivilege_escalation

behavioral2

bankerdefense_evasiondiscoverypersistence

behavioral3

bankerdefense_evasiondiscoveryimpactpersistenceprivilege_escalation