MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91777f293e78565ee0d455153921fcd187f2232bcdd189eaf6fbb8a3c6bf2dfe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SpyNote


Vendor detections: 5


Intelligence 5 IOCs YARA 6 File information Comments

SHA256 hash: 91777f293e78565ee0d455153921fcd187f2232bcdd189eaf6fbb8a3c6bf2dfe
SHA3-384 hash: 4514abbaeea6f9ab350015573479dae90e12462b8cf67d41920d095fab18a0b213a625af0fe9c41c481f884472eb408d
SHA1 hash: 0b56ac049dadb5755124e5fccd1248ca4dc995cf
MD5 hash: bbcdc5795fe8c701ae0b9cae6cf5133d
humanhash: zebra-failed-alanine-romeo
File name:5030-0.dex
Download: download sample
Signature SpyNote
File size:5'352'916 bytes
First seen:2026-07-01 17:35:52 UTC
Last seen:Never
File type:
MIME type:application/octet-stream
ssdeep 49152:TK0DyWnK62vw61mdkYkK3xARSreXbcH3V:W0WWnK62oGu0W
TLSH T1B0462843EA424D32C6CE837989FF074D2374A146B7438B57240DF1796CA33D9AAD929E
Magika dex
Reporter BastianHein
Tags:dex Spynote

Intelligence


File Origin
# of uploads :
1
# of downloads :
17
Origin country :
CL CL
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Score:
92.5%
Tags:
malware
Threat name:
Android.Trojan.SpyNote
Status:
Malicious
First seen:
2026-06-15 00:14:15 UTC
File Type:
DEX (Exe)
AV detection:
7 of 34 (20.59%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:FreddyBearDropper
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:Jeevan_Malware_Rewards
Author:ShriTiger
Description:Detects JeevanReward variants using Technical, Anti-Analysis, and Indian SE keywords
Rule name:Spynote_generic_strings
Author:Alberto Segura
Description:Detects Spynote Android Malware
Rule name:Sus_CMD_Powershell_Usage
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
Rule name:telebot_framework
Author:vietdx.mb

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments