Analysis
-
max time kernel
3881681s -
max time network
135s -
platform
android_x86_64 -
resource
android-x86_64 -
submitted
20-11-2020 20:32
General
-
Target
eDestek.apk
-
Size
2.2MB
-
MD5
99bd34fa6745f385d374847db6ac30e0
-
SHA1
0dae181a63d32fdbc7fa2c3f00fdffb1a48bb957
-
SHA256
7138689203dc5a2fe9cfcb84c39885e4b53eec9a72f37e36ddee61490f8217ca
-
SHA512
be93d5bc67c6a0de9bbb1e4ebff15e6017e63e3fe9e98fe8edb489a7146a38c694df229545005482efdf6bffe1a089c15bce9036c9936f34969f4d5ffab7a31b
Score
10/10
Malware Config
Extracted
Family
anubis
C2
https://kendi-resim-sayfam-ozel.me/
https://kendi-resim-sayfam-ozel.me/
Signatures
-
Anubis banker
Android banker that uses overlays.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
-
Removes its main activity from the application launcher 1 IoCs
-
Loads dropped Dex/Jar 3 IoCs
Runs executable file dropped to the device during analysis.
-
Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.
-
Suspicious use of android.app.ActivityManager.getRunningServices 126 IoCs
-
Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs
-
Suspicious use of android.telephony.TelephonyManager.getLine1Number 8 IoCs
-
Suspicious use of android.telephony.TelephonyManager.getNetworkCountryIso 8 IoCs
-
Uses reflection 35 IoCs
Processes
-
void.special.coil1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Reads name of network operator
- Suspicious use of android.app.ActivityManager.getRunningServices
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Suspicious use of android.telephony.TelephonyManager.getNetworkCountryIso
- Uses reflection