General

  • Target

    client.apk

  • Size

    760KB

  • Sample

    250330-mtx7nsw1hw

  • MD5

    49d4ef134bd0f640742023117e5c2e21

  • SHA1

    5dcd927edaae792444bf01adc27e9cb744edb824

  • SHA256

    29a97e6d45ef1c7b72b475db90f2f9f79e9ceac90bdf24322e9ed7b180175751

  • SHA512

    327204a037726c2e98927b936d90289a3b00d2c72f8f1566e5b19d75281e77b1730e7aeb4b9ab87e39a28b9c3f8ec103d82488c2dafd637efc1a6e8711636592

  • SSDEEP

    12288:ky1Ob1a1a8LreXKnvrDM/5WmpYshXZPbGwidNpgB9:kyGa1a2eXqrDM/5WmD9idNpA

Malware Config

Extracted

Family

spynote

C2

193.161.193.99:1194

Targets

    • Queries a list of all installed applications on the device (may be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Tries to add a device administrator

MITRE ATT&CK Mobile v15

Tasks