spynote | 42f45eeec399887bb4625c8fe56e8945cfb9e480b004e5ea9a74cdda4ccdefb7 | Triage

Sharing

General

Target

client.apk
Size

760KB
Sample

250329-lzvs3asmz9
MD5

8171bddfe441311fd12dbb372901a202
SHA1

8f643a2d3749aebe6baea935b916c881a54b224c
SHA256

42f45eeec399887bb4625c8fe56e8945cfb9e480b004e5ea9a74cdda4ccdefb7
SHA512

f7f3cc289cf6544e319b99fbfa54e5571fccb037337baccb21e404ddaee60c5494e57bede795462bd642eda4ee1ec03a24d29b3080ba5c3e739a89a0726fb0b2
SSDEEP

12288:pRkI9rda1a8LVe/FfKxyqg5WmpYshXZPbGwidNpgpx:pRda1aKe/8xyqg5WmD9idNpE

Score

10^/10

spynote android banker defense_evasion discovery evasion impact persistence privilege_escalation stealth trojan

Malware Config

Extracted

Family

spynote

C2

193.161.193.99:1194

Targets

- Target
  
  client.apk
- Size
  
  760KB
- MD5
  
  8171bddfe441311fd12dbb372901a202
- SHA1
  
  8f643a2d3749aebe6baea935b916c881a54b224c
- SHA256
  
  42f45eeec399887bb4625c8fe56e8945cfb9e480b004e5ea9a74cdda4ccdefb7
- SHA512
  
  f7f3cc289cf6544e319b99fbfa54e5571fccb037337baccb21e404ddaee60c5494e57bede795462bd642eda4ee1ec03a24d29b3080ba5c3e739a89a0726fb0b2
- SSDEEP
  
  12288:pRkI9rda1a8LVe/FfKxyqg5WmpYshXZPbGwidNpgpx:pRda1aKe/8xyqg5WmD9idNpE
Score

8^/10

banker defense_evasion discovery impact persistence privilege_escalation evasion stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

bankerdefense_evasiondiscoveryimpactpersistenceprivilege_escalation

behavioral2

bankerdefense_evasiondiscoverypersistence

behavioral3

bankerdefense_evasiondiscoveryevasionimpactpersistenceprivilege_escalationstealthtrojan