spynote | ad7edea231a4c057df19d0b552f64437aab5476801bb8d91af1e5fc4b40ddf7d | Triage

Sharing

General

Target

ready.apk
Size

696KB
Sample

250219-m5vwpazlen
MD5

d9f290fb187ef934a1d537a8e4e23d4d
SHA1

e8ecb29ca4c3fbcf2c422e38ca5f5f42acbd1267
SHA256

ad7edea231a4c057df19d0b552f64437aab5476801bb8d91af1e5fc4b40ddf7d
SHA512

42733f2dcb466b381223fee1dea794d2cc67a39ef4afb409d8f0fda8510a1f368e266ba075457306dfe069d799fda246fd09acb24a65fdf2ec9a063b924dfb0f
SSDEEP

12288:9QmhJeRll5/MHgvhjiZQNT3+HamhQR5S6Vm+6usT3cgtN0Fd06Rq21YgKZtWDYPI:9QrRllK8+ZQNOhTy6HT3SFd0GNtxYQ

Score

10^/10

spynote android collection credential_access defense_evasion discovery evasion impact persistence

Malware Config

Extracted

Family

spynote

C2

morning-ultimately.gl.at.ply.gg:morning-ultimately.gl.at.ply.gg:morning-ultimately.gl.at.ply.gg:14531:14531:14531

Targets

- Target
  
  ready.apk
- Size
  
  696KB
- MD5
  
  d9f290fb187ef934a1d537a8e4e23d4d
- SHA1
  
  e8ecb29ca4c3fbcf2c422e38ca5f5f42acbd1267
- SHA256
  
  ad7edea231a4c057df19d0b552f64437aab5476801bb8d91af1e5fc4b40ddf7d
- SHA512
  
  42733f2dcb466b381223fee1dea794d2cc67a39ef4afb409d8f0fda8510a1f368e266ba075457306dfe069d799fda246fd09acb24a65fdf2ec9a063b924dfb0f
- SSDEEP
  
  12288:9QmhJeRll5/MHgvhjiZQNT3+HamhQR5S6Vm+6usT3cgtN0Fd06Rq21YgKZtWDYPI:9QrRllK8+ZQNOhTy6HT3SFd0GNtxYQ
Score

7^/10

collection credential_access defense_evasion discovery evasion persistence impact
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries the mobile country code (MCC)
  discovery
- Requests enabling of the accessibility settings.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Impair Defenses

Prevent Application Removal

Input Injection

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Input Capture

GUI Input Capture

Keylogging

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdefense_evasiondiscoveryevasionpersistence

behavioral2

collectioncredential_accessdefense_evasiondiscoveryimpactpersistence

behavioral3

collectioncredential_accessdefense_evasionimpact