Manual Static Analysis — SpyNote Android RAT | Threat: CRITICAL

File Identity

SHA256:        87def7f445734b4b4f532e46b6b058f5b0f8b74085ef90d812cf83a29c84b4e
File name:     ready.apk
Platform:      Android APK
Size:          704,893 bytes
String count:  3,204

Cleartext C2 -- VERIFIED

CRITICAL IOC: the C2 domain was found in cleartext (unobfuscated) in the APK's strings.
everspy.ru   <-- SpyNote C2 domain (CLEARTEXT)

Android RAT UI Evidence

user-select: none; (CSS)
webkit-inner-spin (WebKit CSS)
-- HTML/CSS strings consistent with a WebView-based Android control panel

About SpyNote

SpyNote is an Android RAT family that has been active since 2016. Its capabilities include camera/microphone access, GPS location, SMS/call logging, screen capture, application enumeration and file upload/download. Because it hosts its C2 panel on a .ru domain, it has been associated with actors of Eastern European/Russian origin.

IOC

SHA256:    87def7f445734b4b4f532e46b6b058f5b0f8b74085ef90d812cf83a29c84b4e
C2:        everspy.ru
Platform:  Android APK

SpyNote — Malware Profile

SpyNote Android RAT (SpyMax/CypherRAT). Package com.clean.exchanges.xyz posing as a fake crypto app. Genymotion vbox86p emulator detection. Telegram C2.

Malware Type:          RAT
Programming Language:  Java
C2 Protocol:           TCP
Target Systems:        Android
Also Known As (AKA):   CypherRAT

Technical Details

Java/Kotlin (Android), broadcast receiver persistence, SMS/contact stealer, camera/mic access, location tracking, keylogger (Accessibility Service), remote shell, screen recording, banking app overlay

Capabilities & Behavior

Remote Access & Control
Keylogger
Screenshot
Webcam Access
File Management
Process Management
Command Execution
Persistence Mechanism

IOC List (1 indicator)

IOC — SpyNote
# DOMAIN everspy.ru
Type    Value       Note
domain  everspy.ru  -

C2 Servers (1 recorded server for this family)

Address     Type    Port  Protocol  Status    Country
everspy.ru  domain  -     TCP       inactive  -

C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.

Tags
spynote, android, apk, everspy-ru, cleartext-c2, webview