spynote | 03576bb5ad968e86c97e69964bbadce22b92ed744303de178b0ddd3a9aba116d | Triage

Sharing

General

Target

client.apk
Size

760KB
Sample

250330-m2mqxaxtbw
MD5

17341301ef64dae887ecaaeb1788cdbc
SHA1

978988d7eacafb8b9e8e17e87c79ce6dede3ce26
SHA256

03576bb5ad968e86c97e69964bbadce22b92ed744303de178b0ddd3a9aba116d
SHA512

4fdff973c76c1eb8c99d77ecca5ae39a90d262efc4c1cc03db64ea9371ab704d0f6ece473f04738b80eca26a72552703237c9cb2b836c1f847aac97ee979c438
SSDEEP

12288:yiAYHza1a8LrePYCrYtpOk5WmpYshXZPbGwidNpgDC3wK:rza1a2ePYBtpOk5WmD9idNpHj

Score

10^/10

spynote android banker defense_evasion discovery evasion impact persistence privilege_escalation stealth trojan

Malware Config

Extracted

Family

spynote

C2

ngrok-free.app:8080

Targets

- Target
  
  client.apk
- Size
  
  760KB
- MD5
  
  17341301ef64dae887ecaaeb1788cdbc
- SHA1
  
  978988d7eacafb8b9e8e17e87c79ce6dede3ce26
- SHA256
  
  03576bb5ad968e86c97e69964bbadce22b92ed744303de178b0ddd3a9aba116d
- SHA512
  
  4fdff973c76c1eb8c99d77ecca5ae39a90d262efc4c1cc03db64ea9371ab704d0f6ece473f04738b80eca26a72552703237c9cb2b836c1f847aac97ee979c438
- SSDEEP
  
  12288:yiAYHza1a8LrePYCrYtpOk5WmpYshXZPbGwidNpgDC3wK:rza1a2ePYBtpOk5WmD9idNpHj
Score

8^/10

banker defense_evasion discovery persistence evasion impact privilege_escalation stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

behavioral2

bankerdefense_evasiondiscoverypersistence

behavioral3

bankerdefense_evasiondiscoveryevasionimpactpersistenceprivilege_escalationstealthtrojan