MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19b468b99966d5d8f88c19e4b371cac9d3b2b45b5ac3fa00ff222edda353f31d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SpyNote


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 19b468b99966d5d8f88c19e4b371cac9d3b2b45b5ac3fa00ff222edda353f31d
SHA3-384 hash: e3ef996c1474266b9a2835db7cb4a1d2063762a106fda9cf595bb2d7a10336a59e6ffd651d6bd1b36b5030f2cf56a6f0
SHA1 hash: 93b0e2dbe3bef2638d18fe6a03f3131e151714f2
MD5 hash: 9439b0e0a965c789c8e18f6d1b2ef624
humanhash: missouri-fix-victor-december
File name:YouTube-Premium.apk
Download: download sample
Signature SpyNote
Create hunting rule
File size:12'268'452 bytes
First seen:2023-12-27 03:15:23 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 196608:efqX8wUGLwYGBonSEvsHEfecLCTyinuVScft9hdKKxr:kMNGBVz3TyinuV9ff/FN
TLSH T1C9C68B8AE2979B67C4F703B9743D27651DF64C20DF838287AB08323E64739E78A545D8
TrID 67.7% (.SH3D) Sweet Home 3D design (generic) (10500/1/3)
25.8% (.ZIP) ZIP compressed archive (4000/1)
6.4% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter V3n0mStrike
Tags:apk Spynote


Avatar
V3n0mStrike
http://31.172.83.170/apks/YouTube-Premium.apk

Intelligence

File Origin
# of uploads :
1
# of downloads :
475
Origin country :
CL CL
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.PUA.Android.JPush-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/19b468b99966d5d8f88c19e4b371cac9d3b2b45b5ac3fa00ff222edda353f31d
Result
Threat name:
SpyNote
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1367246
Signature
Antivirus / Scanner detection for submitted sample
Contains a screen recorder (to take screenshot)
Multi AV Scanner detection for submitted file
Protects itself from removal
Removes its application launcher (likely to stay hidden)
Requests to ignore battery optimizations
Uses accessibility services (likely to control other applications)
Yara detected apk with invalid zip compression
Yara detected SpyNote
Behaviour
Behavior Graph:
n/a
Score:
0%
Verdict:
Benign
File Type:
Archive
Link:
https://malprob.io/report/19b468b99966d5d8f88c19e4b371cac9d3b2b45b5ac3fa00ff222edda353f31d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/19b468b99966d5d8f88c19e4b371cac9d3b2b45b5ac3fa00ff222edda353f31d/
Threat name:
Android.Trojan.SpyNote
Create hunting rule
Status:
Malicious
First seen:
2023-11-08 19:39:00 UTC
File Type:
Binary (Archive)
Extracted files:
1417
AV detection:
10 of 37 (27.03%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dg2gromzm3k5r6emdhslg4okzhj3fnc3llb7uah7eixn3i2t6moq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
android
Link:
https://tria.ge/reports/231227-dsf3bsffg6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/19b468b99966d5d8f88c19e4b371cac9d3b2b45b5ac3fa00ff222edda353f31d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SpyNote

apk 19b468b99966d5d8f88c19e4b371cac9d3b2b45b5ac3fa00ff222edda353f31d

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2744611/

Comments