spynote | c9f38383f9650157e2813cbb94b306c9ac8f2c9653fb7984c0dbe8504ec35c2e | Triage

Sharing

General

Target

c9f38383f9650157e2813cbb94b306c9ac8f2c9653fb7984c0dbe8504ec35c2e.bin
Size

747KB
Sample

250403-1y1p9axns4
MD5

9e540af54cfc1e9b86d08f1cb1bdc388
SHA1

7b34ee137eca62826568abf27a2a9adbe9ed603f
SHA256

c9f38383f9650157e2813cbb94b306c9ac8f2c9653fb7984c0dbe8504ec35c2e
SHA512

2111bfe7c247a0544c403dac84a23861ea8f63961801920ebec36586a74ae90215b8944934d6c2231af053b4cd4033a4566a49da04a770c7009ed2f05aee428a
SSDEEP

12288:AtdTJ6sgRwLzgh7Mk55po5WmpYshXZPbGwidNpgSd:y5J6sbLzEAkfpo5WmD9idNp9

Score

10^/10

spynote android banker defense_evasion discovery persistence

Malware Config

Extracted

Family

spynote

C2

j-sic.gl.at.ply.gg:7583

Targets

- Target
  
  c9f38383f9650157e2813cbb94b306c9ac8f2c9653fb7984c0dbe8504ec35c2e.bin
- Size
  
  747KB
- MD5
  
  9e540af54cfc1e9b86d08f1cb1bdc388
- SHA1
  
  7b34ee137eca62826568abf27a2a9adbe9ed603f
- SHA256
  
  c9f38383f9650157e2813cbb94b306c9ac8f2c9653fb7984c0dbe8504ec35c2e
- SHA512
  
  2111bfe7c247a0544c403dac84a23861ea8f63961801920ebec36586a74ae90215b8944934d6c2231af053b4cd4033a4566a49da04a770c7009ed2f05aee428a
- SSDEEP
  
  12288:AtdTJ6sgRwLzgh7Mk55po5WmpYshXZPbGwidNpgSd:y5J6sbLzEAkfpo5WmD9idNp9
Score

7^/10

banker defense_evasion discovery persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Requests enabling of the accessibility settings.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdefense_evasiondiscoverypersistence

behavioral2

bankerdefense_evasiondiscoverypersistence

behavioral3

bankerdefense_evasiondiscoverypersistence