Overview

overview

10

Static

static

6

Image Logger.apk

android-10-x64

10

Resubmissions

28/03/2025, 10:50

250328-mw75navvfw 10

28/03/2025, 10:48

250328-mwbrfsvvex 10

Analysis

  • max time kernel
    37s
  • max time network
    32s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    28/03/2025, 10:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Image Logger.apk

  • Size

    6.3MB

  • MD5

    823837c2152c1b0418f5b394da9adec7

  • SHA1

    9fcff40616bf982cec57a227fe368bfb59ca868a

  • SHA256

    e600a3c55b71d262130bcb33e70bca5ed5d867ed2076ad952fdf4f94e1e37c04

  • SHA512

    512010775e9dadcac524797194faccd706d5fe3ed4c803b27554f5f8a77943fd55e4f057175d8c355724237970752893e18f1cb2153686cc4fd88fe854165136

  • SSDEEP

    98304:wk9GRSv9xebyOPOc9rMmBopvfzymzhzB7ZT60tFe1i5:w3Sv9IbNFVM4u5zxZEu

Score
10/10
spynotebankercollectioncredential_accessdefense_evasionevasionexecutioninfostealerpersistencerattrojan

Malware Config

Signatures

  • Spynote

    Spynote is a Remote Access Trojan first seen in 2017.

    bankertrojaninfostealerratspynote
  • Spynote family
    spynote
  • Spynote payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.ecuador.december
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:5051

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.ecuador.december/code_cache/i11111i111
    Filesize

    1.2MB

    MD5

    2353202b04da4d092facbf9868737ac4

    SHA1

    ef7d883f8c1e1194f0558e253d6d955d617bb583

    SHA256

    1d5ef4ace837a8eef48ac8243ffd994b99b06e71b7fc30b7fabfef4187e7c5a8

    SHA512

    6ea9a2cb2a4ee27f609ad8b09987eba3556c1b8a68027d917094e240c8e92185146204e9fcd021b97067e17ea6b0a29dd2f7a89e995ef7f0460316a717d2f756

    Download Submit

  • /data/data/com.ecuador.december/dpt-libs/x86_64/libdpt.so
    Filesize

    537KB

    MD5

    a9e45058306111e3a37ca2c266346dd2

    SHA1

    2ed87bdcd1148a72d6cac073fd34f8d6f429c8ca

    SHA256

    6f93534ca2cf1260210d189cf8a8f955806651a5aa1cf0801bf5832e3f7b8a12

    SHA512

    cccec23982ad1517992a9fc1e5de21027881472dd4168245dc797a69877e0a18da3b0e82c7cd9d2ef55505e92503bac29efdc30617c10bb8e59d866fedc3783b

    Download Submit

  • /data/user/0/com.ecuador.december/code_cache/i11111i111
    Filesize

    5.1MB

    MD5

    655b3cbe2b5972813970f319b370199c

    SHA1

    beed6268c390c2e01e5a8b2ec251910348f407eb

    SHA256

    a344acfe44e56b0a5ebee0029661698bed733892dea8f40e6c2ff764003d628e

    SHA512

    2a21497cd47c0c41fda9f9ed4ec695383b2a5d0f951dc10df27b598535c8d44413fd8243f356a127a9ca0042a3d1e82114c09805f9f48e22e7d2cc3e3d4b9aee

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-28.txt
    Filesize

    13B

    MD5

    de2c41a51ee9246eb1708f65b511add0

    SHA1

    2f442d634c8a18760a232c8829d4b5d74a52f074

    SHA256

    ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

    SHA512

    7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-28.txt
    Filesize

    29B

    MD5

    e11943b778fcf33c5185bfa3e641c94a

    SHA1

    50505bf287c436172ccf5d67ff1babd640b1f058

    SHA256

    091d86251e61493ec1f591c9066b343702ab8461c089703ddec26028b86e5cb8

    SHA512

    26e9d7b7320f95cfddc8dd8f7b4631a8690596aed749c49eae5b30165d54deb04442dffe256ea45197518f1c8f13c0a5a02edeab10365ab342a4d34a95bb65a4

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-28.txt
    Filesize

    57B

    MD5

    44a65aaf40f611d3b2fd2e3769027d4e

    SHA1

    6a1779ed4e4e1f3be852bf6230de4a6e65e9bbca

    SHA256

    e507dfb4955c638e3b13f30e7550972129af18bbb6c34fbb7f8af1e4bb54cbad

    SHA512

    3fcd3b665e9df9974826c78823409cb04127f038b5695fd8485162da32a7c1d9f9b48b8b7272fc869e4eb2b912749dd6fc454cac15c7caa593da54ad90c5f0ba

    Download Submit