spymax | ddfddebc0022cb146440f1eecdd8039f012d0f19bd3bfe4ba272935fb8968da0 | Triage

Submit
Reports

Overview

overview

Static

static

YouTube.apk

android-11-x64

8

Sharing

General

Target

YouTube.apk
Size

20.4MB
Sample

231103-q6wfdsbg2v
MD5

2c0bab1ca0d92025176ddbaa2a493f8f
SHA1

b40464cf0ced26ea18e13c2a0ffa42b15124b7c2
SHA256

ddfddebc0022cb146440f1eecdd8039f012d0f19bd3bfe4ba272935fb8968da0
SHA512

0413f83ee70b24540f3ddd684a07b76f616b0361f0735c1bfa5478823be7046fc5dc780f983f87851a9210def28f14cfe0af8b4e01a10b3e3aee0c886d44f939
SSDEEP

393216:x6xhRim0VFAiwcdAKkX0WzmnNRoFhjssQAxAZbHobKz8p1VPrCwAUl1:kxhRiBV2i3dAxAnHo8sFxAhovp1VPrCg

Score

10^/10

spymax android banker

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

YouTube.apk

Resource

android-x64-arm64-20231023-en

android-11-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

spymax

C2

7.tcp.eu.ngrok.io:19579

Targets

- Target
  
  YouTube.apk
- Size
  
  20.4MB
- MD5
  
  2c0bab1ca0d92025176ddbaa2a493f8f
- SHA1
  
  b40464cf0ced26ea18e13c2a0ffa42b15124b7c2
- SHA256
  
  ddfddebc0022cb146440f1eecdd8039f012d0f19bd3bfe4ba272935fb8968da0
- SHA512
  
  0413f83ee70b24540f3ddd684a07b76f616b0361f0735c1bfa5478823be7046fc5dc780f983f87851a9210def28f14cfe0af8b4e01a10b3e3aee0c886d44f939
- SSDEEP
  
  393216:x6xhRim0VFAiwcdAKkX0WzmnNRoFhjssQAxAZbHobKz8p1VPrCwAUl1:kxhRiBV2i3dAxAnHo8sFxAhovp1VPrCg
Score

8^/10

banker
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests dangerous framework permissions
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy