MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf58d431913c80ef220eb0e18c5c6a88651012a7cc5b3f73f7cbd4a3f5870053. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SpyNote


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cf58d431913c80ef220eb0e18c5c6a88651012a7cc5b3f73f7cbd4a3f5870053
SHA3-384 hash: 5bf03ebb199c610ed75f6233446998676e34ed5da0d067a63dec807077779cf98955bfd3eaa5699f5201dd82dbe36bd8
SHA1 hash: bd450f774b2f4d5e4ec7f1972d03f335af63c75d
MD5 hash: 1cc5c3038d43cffe4a35be3893d3d480
humanhash: pizza-freddie-bulldog-jig
File name:x.apk
Download: download sample
Signature SpyNote
Create hunting rule
File size:3'825'271 bytes
First seen:2024-07-02 04:50:21 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 49152:HfGQjUdFB52/47PVmzJX9czka5xynCA19uLxsmz0zdGGsQTOGqU0Yqc0cgp47HK:HOQgHY6PVSJNukkx0Pxmz0zBLT90tp4K
TLSH T16E06F107EE45CBC3D46C97F86E130CE42E275F28C5816BEB00553A6E7EBA2960EC559C
TrID 43.3% (.APK) Android Package (32500/1/6)
18.0% (.ZAN) BlueEyes Animation (13500/1/4)
18.0% (.JAR) Java Archive (13500/1/2)
14.0% (.SH3D) Sweet Home 3D design (generic) (10500/1/3)
5.3% (.ZIP) ZIP compressed archive (4000/1)
Reporter lontze7
Tags:apk signed Spynote

Code Signing Certificate

Organisation:Android
Issuer:Android
Algorithm:md5WithRSAEncryption
Valid from:2008-04-15T23:40:57Z
Valid to:2035-09-01T23:40:57Z
Serial number: f2b98e6123572c4e
Intelligence: 109 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 465983f7791f2abeb43ea2cbdc7f21a8260b72bc08a55c839fc1a43bc741a81e
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
270
Origin country :
GR GR
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Android.SpyMax.291.21815.21697.UNOFFICIAL
Create hunting rule

Verdict:
No Threat
Threat level:
  2.5/10
Confidence:
90%
Link:
https://www.filescan.io/uploads/6683873926c925aa13a6f740/reports/60b65063-712d-4875-a05b-180a2daeb06f/overview
Result
Link:
https://incinerator.cloud/#/public/report/1cc5c3038d43cffe4a35be3893d3d480/detail
Application Permissions
read contact data (READ_CONTACTS)
list accounts (GET_ACCOUNTS)
take pictures and videos (CAMERA)
record audio (RECORD_AUDIO)
coarse (network-based) location (ACCESS_COARSE_LOCATION)
fine (GPS) location (ACCESS_FINE_LOCATION)
directly call phone numbers (CALL_PHONE)
read external storage contents (READ_EXTERNAL_STORAGE)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
display system-level alerts (SYSTEM_ALERT_WINDOW)
read phone state and identity (READ_PHONE_STATE)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
send SMS messages (SEND_SMS)
read SMS or MMS (READ_SMS)
automatically start at boot (RECEIVE_BOOT_COMPLETED)
full Internet access (INTERNET)
prevent phone from sleeping (WAKE_LOCK)
set alarm in alarm clock (SET_ALARM)
view network status (ACCESS_NETWORK_STATE)
view Wi-Fi status (ACCESS_WIFI_STATE)
change Wi-Fi status (CHANGE_WIFI_STATE)
set wallpaper (SET_WALLPAPER)
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/cf58d431913c80ef220eb0e18c5c6a88651012a7cc5b3f73f7cbd4a3f5870053
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cf58d431913c80ef220eb0e18c5c6a88651012a7cc5b3f73f7cbd4a3f5870053/
Threat name:
Android.Trojan.SpyNote
Create hunting rule
Status:
Malicious
First seen:
2024-07-02 04:51:06 UTC
File Type:
Binary (Archive)
Extracted files:
88
AV detection:
9 of 24 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=z5mnimmrhsao6iqowdqyyxdkrbsraevhzrnt647xzpkkh5mhabjq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
android
Link:
https://tria.ge/reports/240702-fgtkdszhkq/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/cf58d431913c80ef220eb0e18c5c6a88651012a7cc5b3f73f7cbd4a3f5870053

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SpyNote

apk cf58d431913c80ef220eb0e18c5c6a88651012a7cc5b3f73f7cbd4a3f5870053

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2917704/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2918464/

Comments