anubis | 18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25

Resubmissions

02-04-2024 06:58

240402-hrp13aae2w 8

13-08-2020 12:07

200813-m8qffw1xej 10

Analysis

max time kernel
3887826s
max time network
35s
platform
android_x86_64
resource
android-x86-avd2
submitted
13-08-2020 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25.apk
Size

1.6MB
MD5

b8d3cd2eed88a3dbd30e1447c1add48b
SHA1

c21e13d788b4c177829ac43b8bd4c71487fe41f5
SHA256

18832427a4a7dd1c2960a40fc13fc0dfc5357ecafdf7dae9f89d721f4138bc25
SHA512

fe012a29fc00b8d76f9c293ca42618edeca8e2eec41f8117513ed162b3e9a178d2ee5ca3e9abcab0cc423c03c2d0b9a3867f428b9ed9f75cb06bfcbc8ab540f3

Score

10^/10

obfuscation stealth trojan banker infostealer anubis

Malware Config

Extracted

Family

anubis

http://ktosdelaetskrintotpidor.com

http://sositehuypidarasi.com

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Removes its main activity from the application launcher 1 IoCs

stealth trojan

Processes:

com.arhmhjzr.qrcbiocw

pid	Process
5245	com.arhmhjzr.qrcbiocw

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.arhmhjzr.qrcbiocw

ioc	pid	Process
/data/user/0/com.arhmhjzr.qrcbiocw/app_files/nrjohko.jar	5245	com.arhmhjzr.qrcbiocw

Suspicious use of android.app.ActivityManager.getRunningServices 10 IoCs

Processes:

com.arhmhjzr.qrcbiocw

pid	Process
5245	com.arhmhjzr.qrcbiocw
5245	com.arhmhjzr.qrcbiocw
5245	com.arhmhjzr.qrcbiocw
5245	com.arhmhjzr.qrcbiocw
5245	com.arhmhjzr.qrcbiocw
5245	com.arhmhjzr.qrcbiocw
5245	com.arhmhjzr.qrcbiocw
5245	com.arhmhjzr.qrcbiocw
5245	com.arhmhjzr.qrcbiocw
5245	com.arhmhjzr.qrcbiocw

Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs

Processes:

com.arhmhjzr.qrcbiocw

pid	Process
5245	com.arhmhjzr.qrcbiocw

Uses reflection 132 IoCs

obfuscation

Processes:

com.arhmhjzr.qrcbiocw

description	pid	Process
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method android.content.ContextWrapper.getBaseContext	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method android.app.ContextImpl.getDir	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.io.File.getAbsolutePath	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method android.content.ContextWrapper.getAssets	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method android.content.res.AssetManager.openNonAssetFd	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method android.content.res.AssetFileDescriptor.createInputStream	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method android.content.res.AssetFileDescriptor$AutoCloseInputStream.read	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.System.arraycopy	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method android.content.res.AssetFileDescriptor$AutoCloseInputStream.read	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.System.arraycopy	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.System.arraycopy	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method android.content.res.AssetFileDescriptor$AutoCloseInputStream.read	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.System.arraycopy	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method android.content.res.AssetFileDescriptor$AutoCloseInputStream.read	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.System.arraycopy	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.System.arraycopy	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.forName	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getConstructor	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.Constructor.newInstance	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.io.FileOutputStream.write	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.io.FileOutputStream.close	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getClassLoader	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.forName	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.forName	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getConstructor	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.Constructor.newInstance	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getDeclaredField	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.forName	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getDeclaredField	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Acesses field java.lang.Boolean.TRUE	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.Field.get	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.AccessibleObject.setAccessible	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Acesses field android.app.ContextImpl.mPackageInfo	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.Field.get	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getDeclaredField	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.forName	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getDeclaredField	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Acesses field java.lang.Boolean.TRUE	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.Field.get	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.AccessibleObject.setAccessible	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Acesses field android.app.LoadedApk.mClassLoader	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.Field.set	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.forName	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getConstructor	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.Constructor.newInstance	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.io.File.delete	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.forName	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getConstructor	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.Constructor.newInstance	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.io.File.delete	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.ClassLoader.loadClass	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.forName	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method android.app.Instrumentation.newApplication	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getDeclaredField	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.forName	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getDeclaredField	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Acesses field java.lang.Boolean.TRUE	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.Field.get	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.AccessibleObject.setAccessible	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Acesses field android.app.ContextImpl.mPackageInfo	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.Field.get	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getDeclaredField	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.forName	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getDeclaredField	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Acesses field java.lang.Boolean.TRUE	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.Field.get	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.AccessibleObject.setAccessible	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Acesses field android.app.LoadedApk.mApplication	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.reflect.Field.set	5245	com.arhmhjzr.qrcbiocw
Invokes method java.lang.Class.getMethods	5245	com.arhmhjzr.qrcbiocw
Invokes method com.arhmhjzr.qrcbiocw.uwdBZuREIe.onCreate	5245	com.arhmhjzr.qrcbiocw

com.arhmhjzr.qrcbiocw
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Suspicious use of android.app.ActivityManager.getRunningServices
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Uses reflection
PID:5245

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads