General

  • Target

    Interbank.Seguridad (1).apk

  • Size

    8.6MB

  • Sample

    250402-trz2tazvaw

  • MD5

    821b5d030082efa1dad1301741feaa91

  • SHA1

    04cd24b8b9ece639d4ced8d8a3e37d60765c8983

  • SHA256

    534729743f2226b147350301fa634fb82afc04421267bc32bc4c24e1a1b3b18c

  • SHA512

    56052120c48d1d40dcea2c0f5aa33c7b7ad9b3bc560bc2f03f25708f6ddb1e9fc697a4982b7e7a777c84de1045a59a1643a1941fadba75f9f89fe918b3b53901

  • SSDEEP

    196608:h6SqlptZDnKOr8IQURtXfBNsrPIsIxWdShl+NfLmQ:USqlp3DXPlfjs7/g+Shls

Malware Config

Targets

    • Target

      Interbank.Seguridad (1).apk

    • Size

      8.6MB

    • MD5

      821b5d030082efa1dad1301741feaa91

    • SHA1

      04cd24b8b9ece639d4ced8d8a3e37d60765c8983

    • SHA256

      534729743f2226b147350301fa634fb82afc04421267bc32bc4c24e1a1b3b18c

    • SHA512

      56052120c48d1d40dcea2c0f5aa33c7b7ad9b3bc560bc2f03f25708f6ddb1e9fc697a4982b7e7a777c84de1045a59a1643a1941fadba75f9f89fe918b3b53901

    • SSDEEP

      196608:h6SqlptZDnKOr8IQURtXfBNsrPIsIxWdShl+NfLmQ:USqlp3DXPlfjs7/g+Shls

    • Score

      1/10

    • Target

      childapp.apk

    • Size

      6.4MB

    • MD5

      f08fbd2e8f1e0a98cbf9f7e2249a5108

    • SHA1

      be1b0c62bf17c0e7978b59c150156e792944066c

    • SHA256

      9cadc8b5386ab7711768b97fd718926a225f1df4d99a799b22d6569f7543e1a1

    • SHA512

      6efe08a20353fecb6995e09e40be2a082d72a59692a146ab316ae7ce59d7b20e04379431911b3d8fec498035fcfb9043cd8a8598fd2edc396fd0332fc8d80fcb

    • SSDEEP

      98304:Hy3pzBKFmzhnsaLEwDyquY7N0mdq6ty+Ye7Zvf6LuWyc4pwWyl1Pqu:HczhnsaLEcyu77j7Z39Wl1H

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Launches application uninstaller.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks