Analysis

  • max time kernel
    3887826s
  • max time network
    35s
  • platform
    android_x86_64
  • resource
    android-x86-avd2
  • submitted
    13-08-2020 12:07

General

  • Target

    18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25.apk

  • Size

    1.6MB

  • MD5

    b8d3cd2eed88a3dbd30e1447c1add48b

  • SHA1

    c21e13d788b4c177829ac43b8bd4c71487fe41f5

  • SHA256

    18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25

  • SHA512

    fe012a29fc00b8d76f9c293ca42618edeca8e2eec41f8117513ed162b3e9a178d2ee5ca3e9abcab0cc423c03c2d0b9a3867f428b9ed9f75cb06bfcbc8ab540f3

Malware Config

Extracted

Family

anubis

C2

http://ktosdelaetskrintotpidor.com

http://sositehuypidarasi.com

Signatures

  • Anubis banker

    Android banker that uses overlays.

  • Removes its main activity from the application launcher 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Suspicious use of android.app.ActivityManager.getRunningServices 10 IoCs
  • Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs
  • Uses reflection 132 IoCs

Processes

  • com.arhmhjzr.qrcbiocw
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Suspicious use of android.app.ActivityManager.getRunningServices
    • Suspicious use of android.os.PowerManager$WakeLock.acquire
    • Uses reflection
    PID:5245

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads