Analysis

  • max time kernel
    3887798s
  • max time network
    42s
  • platform
    android_x86_64
  • resource
    android-x86-avd1
  • submitted
    13-08-2020 12:07

General

  • Target

    0ffdf82f55912d00705d91f90894abbbc728ecd9bad1b850c4b490f7a0796d45.apk

  • Size

    4.4MB

  • MD5

    946e6fb8d3265bfbfbe405659939e511

  • SHA1

    d73aa08565792e5e5729c1639c22da5d09e2ef15

  • SHA256

    0ffdf82f55912d00705d91f90894abbbc728ecd9bad1b850c4b490f7a0796d45

  • SHA512

    8940187e330965a6c3c175760f237238087c0c9d2a3dd14ea851fde571d4769bf2099971f3f43af22a9747197f03127f290f6175fc6bdf9f20912001f6c64a6b

Malware Config

Extracted

Family

anubis

C2

http://ktosdelaetskrintotpidor.com

http://sositehuypidarasi.com

Signatures

  • Anubis banker

    Android banker that uses overlays.

  • Removes its main activity from the application launcher 1 IoC
  • Loads dropped Dex/Jar 1 IoC

    Runs executable file dropped to the device during analysis.

  • Suspicious use of android.app.ActivityManager.getRunningServices 12 IoCs
  • Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoC
  • Uses reflection 132 IoCs

Processes

  • com.ocpsqap.rsqxgniz (PID 4773)
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Suspicious use of android.app.ActivityManager.getRunningServices
    • Suspicious use of android.os.PowerManager$WakeLock.acquire
    • Uses reflection

Network

MITRE ATT&CK Matrix
