MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec1eb46d8ff3d981668094e9a92482fabc61e5fb236ea7f458051e9840f4d9b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SpyNote


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ec1eb46d8ff3d981668094e9a92482fabc61e5fb236ea7f458051e9840f4d9b5
SHA3-384 hash: 7044b29f57804dce674b785ca550096a8206d6840e615963c8c04aff4cb13ba51682144406d16803504da9cceae685cd
SHA1 hash: 98e196b89c905a660f6e560c769472b98f7a665c
MD5 hash: f187f9393cef931889c8f24f4a923976
humanhash: avocado-jupiter-texas-alaska
File name:Scorpion.apk
Download: download sample
Signature SpyNote
Create hunting rule
File size:4'603'355 bytes
First seen:2024-05-04 09:02:54 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 98304:obW2o/2rl0uyWv57r7CUhWLZSgBmz4zB7T40tsEs2p9M:sHo+z7nA15kzEjTa
TLSH T1ED26F103EB48DA9BD9AE83F2AF270C9915171F15C693A6D345503A6E2DB73C10DC5ACC
TrID 43.3% (.APK) Android Package (32500/1/6)
18.0% (.ZAN) BlueEyes Animation (13500/1/4)
18.0% (.JAR) Java Archive (13500/1/2)
14.0% (.SH3D) Sweet Home 3D design (generic) (10500/1/3)
5.3% (.ZIP) ZIP compressed archive (4000/1)
Reporter 500mk500
Tags:apk signed Spynote

Code Signing Certificate

Organisation:Android Debug
Issuer:Android Debug
Algorithm:sha256WithRSAEncryption
Valid from:2016-10-23T20:10:05Z
Valid to:2044-03-10T20:10:05Z
Serial number: 056c1a15
Intelligence: 63 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 1e08a903aef9c3a721510b64ec764d01d3d094eb954161b62544ea8f187b5953
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
347
Origin country :
UA UA
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Android.SpyMax.37.origin.6857.9467.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
lolbin remote
Link:
https://www.filescan.io/uploads/6635f9cdca951b85945d30df/reports/1a4e271e-d835-47cc-a19b-b6a19622b71a/overview
Result
Link:
https://incinerator.cloud/#/public/report/f187f9393cef931889c8f24f4a923976/detail
Application Permissions
send SMS messages (SEND_SMS)
read SMS or MMS (READ_SMS)
read contact data (READ_CONTACTS)
list accounts (GET_ACCOUNTS)
take pictures and videos (CAMERA)
record audio (RECORD_AUDIO)
coarse (network-based) location (ACCESS_COARSE_LOCATION)
fine (GPS) location (ACCESS_FINE_LOCATION)
directly call phone numbers (CALL_PHONE)
read external storage contents (READ_EXTERNAL_STORAGE)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
display system-level alerts (SYSTEM_ALERT_WINDOW)
read phone state and identity (READ_PHONE_STATE)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
set wallpaper (SET_WALLPAPER)
automatically start at boot (RECEIVE_BOOT_COMPLETED)
full Internet access (INTERNET)
prevent phone from sleeping (WAKE_LOCK)
set alarm in alarm clock (SET_ALARM)
view network status (ACCESS_NETWORK_STATE)
view Wi-Fi status (ACCESS_WIFI_STATE)
change Wi-Fi status (CHANGE_WIFI_STATE)
Score:
0%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/ec1eb46d8ff3d981668094e9a92482fabc61e5fb236ea7f458051e9840f4d9b5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ec1eb46d8ff3d981668094e9a92482fabc61e5fb236ea7f458051e9840f4d9b5/
Threat name:
Android.Trojan.SpyNote
Create hunting rule
Status:
Malicious
First seen:
2024-05-04 08:51:01 UTC
File Type:
Binary (Archive)
Extracted files:
435
AV detection:
8 of 23 (34.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5qpli3mp6pmyczuastu2sjec7k6gdzp3enxkp5cyaupjqqhu3g2q._file
Result
Malware family:
spynote
Create hunting rule
Score:
  10/10
Tags:
family:spynote android
Link:
https://tria.ge/reports/240504-kz15eacb77/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ec1eb46d8ff3d981668094e9a92482fabc61e5fb236ea7f458051e9840f4d9b5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malpedia
Malpedia
https://twitter.com/JustWantToQ1/status/1786651917965271410

Comments