spynote | 108e1372a6430af980e2f334395817d10226fa1376c09e01b586febc645c8f48 | Triage

Sharing

General

Target

108e1372a6430af980e2f334395817d10226fa1376c09e01b586febc645c8f48.bin
Size

760KB
Sample

250330-1wwnhsxxey
MD5

787870cf29a9c56d5509dcd7f8c615d4
SHA1

d96ecbaf50bcf3a8d1c4ce45651914549a7a0824
SHA256

108e1372a6430af980e2f334395817d10226fa1376c09e01b586febc645c8f48
SHA512

c6aba320a007d3c80496d392e5fed00988addc58034509566d23e2151dbe6412ad8c6b97d56e43d5fc69ded1efa427a64dc46eb325e1ff74284aa02f47026040
SSDEEP

12288:KyQka1a8Lrervjnn0IG5WmpYshXZPbGwidNpglT:Ha1a2erjn0IG5WmD9idNpu

Score

10^/10

spynote android banker defense_evasion discovery persistence

Malware Config

Extracted

Family

spynote

C2

192.168.43.85:5214

Targets

- Target
  
  108e1372a6430af980e2f334395817d10226fa1376c09e01b586febc645c8f48.bin
- Size
  
  760KB
- MD5
  
  787870cf29a9c56d5509dcd7f8c615d4
- SHA1
  
  d96ecbaf50bcf3a8d1c4ce45651914549a7a0824
- SHA256
  
  108e1372a6430af980e2f334395817d10226fa1376c09e01b586febc645c8f48
- SHA512
  
  c6aba320a007d3c80496d392e5fed00988addc58034509566d23e2151dbe6412ad8c6b97d56e43d5fc69ded1efa427a64dc46eb325e1ff74284aa02f47026040
- SSDEEP
  
  12288:KyQka1a8Lrervjnn0IG5WmpYshXZPbGwidNpglT:Ha1a2erjn0IG5WmD9idNpu
Score

7^/10

banker defense_evasion discovery persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdefense_evasiondiscoverypersistence

behavioral2

bankerdefense_evasiondiscoverypersistence

behavioral3

bankerdefense_evasiondiscoverypersistence