Overview

overview

10

Static

static

8

197f0e170f...2a.exe

windows7_x64

9

197f0e170f...2a.exe

windows10_x64

9

302d77c6ec...56.exe

windows7_x64

8

302d77c6ec...56.exe

windows10_x64

8

466d872ddb...0d.exe

windows7_x64

8

466d872ddb...0d.exe

windows10_x64

10

6d13a07022...f4.exe

windows7_x64

8

6d13a07022...f4.exe

windows10_x64

8

8c1d1de824...ef.exe

windows7_x64

1

8c1d1de824...ef.exe

windows10_x64

1

a31f1894f1...b8.exe

windows7_x64

8

a31f1894f1...b8.exe

windows10_x64

9

a3802c3a05...6d.exe

windows7_x64

10

a3802c3a05...6d.exe

windows10_x64

10

Android APK

android_x86_64

10

c6c0d4969a...36.exe

windows7_x64

1

c6c0d4969a...36.exe

windows10_x64

1

d92ef7281e...1a.exe

windows7_x64

1

d92ef7281e...1a.exe

windows10_x64

1

dffb2eaccb...3a.exe

windows7_x64

8

dffb2eaccb...3a.exe

windows10_x64

8

e247b061c8...b1.exe

windows7_x64

8

e247b061c8...b1.exe

windows10_x64

8

Analysis

  • max time kernel
    4162366s
  • max time network
    129s
  • platform
    android_x86_64
  • resource
    android-x86_64
  • submitted
    24-11-2020 02:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af82bed2c58c403908faf323310cf6a65a7e3bfe098cc930eb5ac4bfe9315ef4.apk

  • Size

    4.4MB

  • MD5

    64b831a358118f5d8b20f4c5b78e8123

  • SHA1

    acfbaf82579235d4e404875ac9bbb2b299f85f88

  • SHA256

    af82bed2c58c403908faf323310cf6a65a7e3bfe098cc930eb5ac4bfe9315ef4

  • SHA512

    4cc96bca1a539af4cdbd3928ea2e7ecc8d3eed4806a7a04c4e4e77830f891d9f889392cd819a16bfcacfb4a8ca77c6da5d35e02bfbb17facceb44bbce5f1e90c

Score
10/10
anubisbankerinfostealerobfuscationstealthtrojan

Malware Config

Extracted

Family

anubis

C2

http://ktosdelaetskrintotpidor.com

http://sositehuypidarasi.com

Signatures

  • Anubis banker

    Android banker that uses overlays.

    bankertrojaninfostealeranubis
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs
  • Uses reflection 27 IoCs
    obfuscation

Processes

  • mouse.celery.alone
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Suspicious use of android.os.PowerManager$WakeLock.acquire
    • Uses reflection
    PID:3585
    • mouse.celery.alone
      2⤵
        PID:3626
      • getprop
        2⤵
          PID:3626

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads