General

  • Target

    client.apk

  • Size

    760KB

  • Sample

    250330-mmkyrsyqy5

  • MD5

    79eab0beb9194682c9a14055d247666a

  • SHA1

    535e3a0d6d82b708ca21b32aa49e1b3d15279482

  • SHA256

    aca15ba9f21811bc3dde0f4e291e843267af4cd2611240ced2349f3a9b26e2e0

  • SHA512

    d07398ced17b11c2357008c8b483fa0b8e82002bd6065a9fc56288b8bfa61ea5d52d453d2b61621403f21019b059210767b42d937ff0a4506b0f149cac18e9b5

  • SSDEEP

    12288:c6kIwACa1a8LVe2/yMX+U/5WmpYshXZPbGwidNpgbZ:c6wa1aKe2/X+U/5WmD9idNpu

Malware Config

Extracted

Family

spynote

C2

193.161.193.99:1194

Targets

    • Target

      client.apk

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks