spynote | 4e4851de6ed3b965f05a848c9949e4a513a3f71e6f45e2830caabf8b8c38d585 | Triage

Sharing

General

Target

client.apk
Size

760KB
Sample

250327-w38jfawwcw
MD5

ce99fcb4e374391d16f135ac4cf5953a
SHA1

1c87c24349ae286b47ab9bac12b7f949d177f624
SHA256

4e4851de6ed3b965f05a848c9949e4a513a3f71e6f45e2830caabf8b8c38d585
SHA512

f778307ca383d04b613a58ac4c1d667731c7721631174f2a0cebce156a27866a80df94f3dd052bfde583410e2a27de2da3deb5fb22ea81f6297f385e647fde01
SSDEEP

12288:sWGFKidPa1a8Lzeyf8/UypN5WmpYshXZPbGwidNpgf2U:sWaPa1amey2UypN5WmD9idNpU

Score

10^/10

spynote android banker defense_evasion discovery evasion impact persistence privilege_escalation stealth trojan

Malware Config

Extracted

Family

spynote

C2

193.161.193.99:1194

Targets

- Target
  
  client.apk
- Size
  
  760KB
- MD5
  
  ce99fcb4e374391d16f135ac4cf5953a
- SHA1
  
  1c87c24349ae286b47ab9bac12b7f949d177f624
- SHA256
  
  4e4851de6ed3b965f05a848c9949e4a513a3f71e6f45e2830caabf8b8c38d585
- SHA512
  
  f778307ca383d04b613a58ac4c1d667731c7721631174f2a0cebce156a27866a80df94f3dd052bfde583410e2a27de2da3deb5fb22ea81f6297f385e647fde01
- SSDEEP
  
  12288:sWGFKidPa1a8Lzeyf8/UypN5WmpYshXZPbGwidNpgf2U:sWaPa1amey2UypN5WmD9idNpU
Score

8^/10

banker defense_evasion discovery evasion impact persistence privilege_escalation stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdefense_evasiondiscoveryevasionimpactpersistenceprivilege_escalationstealthtrojan

behavioral2

bankerdefense_evasiondiscoverypersistence

behavioral3

bankerdefense_evasiondiscoveryimpactpersistenceprivilege_escalation