Analysis
-
max time kernel
439991s -
max time network
119s -
platform
android_x86_64 -
resource
android-x86_64_arm64 -
submitted
28-04-2021 20:41
Static task
static1
Behavioral task
behavioral1
Sample
bfdcc19b_by_Libranalysis.apk
Resource
android-x86_64_arm64
android_x86_64
0 signatures
0 seconds
General
-
Target
bfdcc19b_by_Libranalysis.apk
-
Size
1.0MB
-
MD5
bfdcc19b75c80a2c727fe89e6d1de5ee
-
SHA1
d63155e04a793241c34feec1857372db7b788bf5
-
SHA256
6496931678cdd40d021d0e17d9087b10dda4ac187a54b0250ca917df4f02ce04
-
SHA512
2a608efcef99b5549efe783e5c89ae1eb6f8592e29df75e2e147dbe01e0914a3875ceae33b64ab26351307860a799e0e8bf20deb76dd92c417c1bbe4411431c1
Score
10/10
Malware Config
Extracted
Family
anubis
C2
http://ktosdelaetskrintotpidor.com
http://sositehuypidarasi.com
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
Signatures
-
Anubis banker
Android banker that uses overlays.
-
Processes:
wocwvy.czyxoxmbauu.slsapid process 4131 wocwvy.czyxoxmbauu.slsa -
Requests enabling of the accessibility settings. 1 IoCs
Processes:
wocwvy.czyxoxmbauu.slsadescription ioc process Intent action android.settings.ACCESSIBILITY_SETTINGS wocwvy.czyxoxmbauu.slsa -
Uses reflection 5 IoCs
Processes:
wocwvy.czyxoxmbauu.slsadescription pid process Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE 4131 wocwvy.czyxoxmbauu.slsa Acesses field javax.security.auth.x500.X500Principal.thisX500Name 4131 wocwvy.czyxoxmbauu.slsa Acesses field javax.security.auth.x500.X500Principal.thisX500Name 4131 wocwvy.czyxoxmbauu.slsa Acesses field javax.security.auth.x500.X500Principal.thisX500Name 4131 wocwvy.czyxoxmbauu.slsa Acesses field javax.security.auth.x500.X500Principal.thisX500Name 4131 wocwvy.czyxoxmbauu.slsa