anubis | 0ffdf82f55912d00705d91f90894abbbc728ecd9bad1b850c4b490f7a0796d45

General

Target

0ffdf82f55912d00705d91f90894abbbc728ecd9bad1b850c4b490f7a0796d45.apk
Size

4.4MB
MD5

946e6fb8d3265bfbfbe405659939e511
SHA1

d73aa08565792e5e5729c1639c22da5d09e2ef15
SHA256

0ffdf82f55912d00705d91f90894abbbc728ecd9bad1b850c4b490f7a0796d45
SHA512

8940187e330965a6c3c175760f237238087c0c9d2a3dd14ea851fde571d4769bf2099971f3f43af22a9747197f03127f290f6175fc6bdf9f20912001f6c64a6b

Score

10^/10

obfuscation stealth trojan banker infostealer anubis

Malware Config

Extracted

Family

anubis

C2

http://ktosdelaetskrintotpidor.com

http://sositehuypidarasi.com

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis
Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

com.ocpsqap.rsqxgniz

pid process

4773 com.ocpsqap.rsqxgniz
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.ocpsqap.rsqxgniz

ioc pid process

/data/user/0/com.ocpsqap.rsqxgniz/app_files/tqfeominjqy.jar 4773 com.ocpsqap.rsqxgniz

ioc	pid	process
/data/user/0/com.ocpsqap.rsqxgniz/app_files/tqfeominjqy.jar	4773	com.ocpsqap.rsqxgniz

Suspicious use of android.app.ActivityManager.getRunningServices 12 IoCs

Processes:

com.ocpsqap.rsqxgniz

pid	process
4773	com.ocpsqap.rsqxgniz
4773	com.ocpsqap.rsqxgniz
4773	com.ocpsqap.rsqxgniz
4773	com.ocpsqap.rsqxgniz
4773	com.ocpsqap.rsqxgniz
4773	com.ocpsqap.rsqxgniz
4773	com.ocpsqap.rsqxgniz
4773	com.ocpsqap.rsqxgniz
4773	com.ocpsqap.rsqxgniz
4773	com.ocpsqap.rsqxgniz
4773	com.ocpsqap.rsqxgniz
4773	com.ocpsqap.rsqxgniz

Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs

Processes:

com.ocpsqap.rsqxgniz

pid process

4773 com.ocpsqap.rsqxgniz

Uses reflection 132 IoCs

obfuscation

Processes:

com.ocpsqap.rsqxgniz

description	pid	process
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method android.content.ContextWrapper.getBaseContext	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method android.app.ContextImpl.getDir	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.io.File.getAbsolutePath	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method android.content.ContextWrapper.getAssets	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method android.content.res.AssetManager.openNonAssetFd	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method android.content.res.AssetFileDescriptor.createInputStream	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method android.content.res.AssetFileDescriptor$AutoCloseInputStream.read	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.System.arraycopy	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method android.content.res.AssetFileDescriptor$AutoCloseInputStream.read	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.System.arraycopy	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.System.arraycopy	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method android.content.res.AssetFileDescriptor$AutoCloseInputStream.read	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.System.arraycopy	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method android.content.res.AssetFileDescriptor$AutoCloseInputStream.read	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.System.arraycopy	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.System.arraycopy	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.forName	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getConstructor	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.reflect.Constructor.newInstance	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.io.FileOutputStream.write	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.io.FileOutputStream.close	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getClassLoader	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.forName	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.forName	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getConstructor	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.reflect.Constructor.newInstance	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getDeclaredField	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.forName	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getDeclaredField	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Acesses field java.lang.Boolean.TRUE	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.reflect.Field.get	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.reflect.AccessibleObject.setAccessible	4773	com.ocpsqap.rsqxgniz
Invokes method java.lang.Class.getMethods	4773	com.ocpsqap.rsqxgniz

com.ocpsqap.rsqxgniz
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Suspicious use of android.app.ActivityManager.getRunningServices
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Uses reflection
PID:4773

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads