spynote | d522e4850d1bc9dc1dfe9a6a87a4f4461f51df55c18f2ec78bcd8fd473fdfbc5 | Triage

Submit
Reports

Overview

overview

Static

static

32ba21735c...03.apk

android-9-x86

7

32ba21735c...03.apk

android-10-x64

7

32ba21735c...03.apk

android-11-x64

7

Sharing

General

Target

32ba21735cf80b09f862d53dd9308203.bin
Size

9.3MB
Sample

240701-bwl2msvhkp
MD5

32ba21735cf80b09f862d53dd9308203
SHA1

8d26842a364959745501652099a291e1dea755a6
SHA256

d522e4850d1bc9dc1dfe9a6a87a4f4461f51df55c18f2ec78bcd8fd473fdfbc5
SHA512

40277a1c656221fbc24e45c8ac2f00e7f36e773793f920afa01b656f33aa980edfdebc1b919c5be6eb600c641ccfb991669eb2ef7435909338d0125bb79f086d
SSDEEP

98304:zhr3a99xwigMz36ombi/fnL2mzTzBRTQ0tg/MH:Z34x7z3tt3LBz37H

Score

10^/10

spynote android collection credential_access evasion execution persistence

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

32ba21735cf80b09f862d53dd9308203.apk

Resource

android-x86-arm-20240624-en

collection credential_access evasion execution persistence

android-9-x86

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

32ba21735cf80b09f862d53dd9308203.apk

Resource

android-x64-20240624-en

collection credential_access evasion execution persistence

android-10-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

32ba21735cf80b09f862d53dd9308203.apk

Resource

android-x64-arm64-20240624-en

collection credential_access evasion execution persistence

android-11-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  32ba21735cf80b09f862d53dd9308203.bin
- Size
  
  9.3MB
- MD5
  
  32ba21735cf80b09f862d53dd9308203
- SHA1
  
  8d26842a364959745501652099a291e1dea755a6
- SHA256
  
  d522e4850d1bc9dc1dfe9a6a87a4f4461f51df55c18f2ec78bcd8fd473fdfbc5
- SHA512
  
  40277a1c656221fbc24e45c8ac2f00e7f36e773793f920afa01b656f33aa980edfdebc1b919c5be6eb600c641ccfb991669eb2ef7435909338d0125bb79f086d
- SSDEEP
  
  98304:zhr3a99xwigMz36ombi/fnL2mzTzBRTQ0tg/MH:Z34x7z3tt3LBz37H
Score

7^/10

collection credential_access evasion execution persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

collectioncredential_accessevasionexecutionpersistence

behavioral2

collectioncredential_accessevasionexecutionpersistence

behavioral3

collectioncredential_accessevasionexecutionpersistence

© 2018-2024

Terms | Privacy