Analysis
- max time kernel: 3868118s
- max time network: 164s
- platform: android_x86
- resource: android-x86-arm-20220310-en
- submitted: 21-05-2022 11:26

Static task: static1

Behavioral task: behavioral1
- Sample: b600fa379cabfd33a6ebc2e69fd71910bff442b2d90d0163ccaa997cc2199b7e.apk
- Resource: android-x86-arm-20220310-en

Behavioral task: behavioral2
- Sample: b600fa379cabfd33a6ebc2e69fd71910bff442b2d90d0163ccaa997cc2199b7e.apk
- Resource: android-x64-20220310-en

Behavioral task: behavioral3
- Sample: b600fa379cabfd33a6ebc2e69fd71910bff442b2d90d0163ccaa997cc2199b7e.apk
- Resource: android-x64-arm64-20220310-en
General
- Target: b600fa379cabfd33a6ebc2e69fd71910bff442b2d90d0163ccaa997cc2199b7e.apk
- Size: 3.3MB
- MD5: 98f48dacd555fc1a4f90d69fb91ae4e8
- SHA1: b8aec6d580883393cba4bcfa8e41857b130fa95d
- SHA256: b600fa379cabfd33a6ebc2e69fd71910bff442b2d90d0163ccaa997cc2199b7e
- SHA512: 5dde926dea76716c1a8ff19e74d2393cec02f20eea00c9d228640c74231a2934df3137c1f3fc4d465c067012f7260699a62e5d4400d0b9696807b344359716b3
Malware Config
Signatures
-
Anubis banker
Android banker that uses overlays.
-
Makes use of the framework's Accessibility service. 3 IoCs
Processes:
- wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls
IoCs (description / ioc / process):
- Framework service call / android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText / wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls
- Framework service call / android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId / wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls
- Framework service call / android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId / wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls
-
Acquires the wake lock. 1 IoCs
Processes:
- wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls
IoCs (description / ioc / process):
- Framework service call / android.os.IPowerManager.acquireWakeLock / wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls
-
Loads dropped Dex/Jar 3 IoCs
Runs executable file dropped to the device during analysis.
Processes:
- wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/Mnrr.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/oat/x86/Mnrr.odex --compiler-filter=quicken --class-loader-context=&
IoCs (ioc / pid / process):
- /data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/Mnrr.json / 5167 / wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls
- /data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/Mnrr.json / 5244 / /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/Mnrr.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/oat/x86/Mnrr.odex --compiler-filter=quicken --class-loader-context=&
- /data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/Mnrr.json / 5167 / wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls
-
Reads information about phone network operator.
-
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
Processes:
- wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls
IoCs (description / ioc / process):
- Framework API call / android.hardware.SensorManager.registerListener / wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls
Processes
- wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls (1)
  - Makes use of the framework's Accessibility service.
  - Acquires the wake lock.
  - Loads dropped Dex/Jar
  - Listens for changes in the sensor environment (might be used to detect emulation).
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/Mnrr.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/oat/x86/Mnrr.odex --compiler-filter=quicken --class-loader-context=& (2, child of 1)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads
-
/data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/Mnrr.json
- Filesize: 2.1MB
- MD5: f6435dd229bfa1783f8d36942965b54a
- SHA1: 33ff7384a347e57fa75a171334daa8d11563cd3f
- SHA256: 8ca71b7faedae899f9c9b53bddc2577891bf85d33eddd80ecc973b62299c9147
- SHA512: 5b5345c5838db53a570c13f49475d2ad7945f052b97d3f0f30d7c1701a36927a8bcd3036d661432a26e251e22f4e2859825010129e7a11403e6451b1207cde91
-
/data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/Mnrr.json
- Filesize: 2.1MB
- MD5: 85906cde5d00bcc1230e87598b8a7bfc
- SHA1: b54fc492fb25e7843029a57cf03f9bf24120287d
- SHA256: c1751a864c125e703b5507e5404d99f762679bb183b2b4d654d16ffa0e25d470
- SHA512: 75a08b98a5c0126b5bcb40dda4ca867992828617db44761354a8ebe04518a1cd97629c323197b5af1fb6383007befa3ff3fcac6acb3405de2c46a2a96f7ef376
-
/data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/Mnrr.json
- Filesize: 2.1MB
- MD5: 80be37c70d69e779f3dc7ba1e6fa8d6a
- SHA1: 3ac7ab733bbf965b918de1172009d756bc145fe1
- SHA256: a4127d72c800879a143d5062d8d6ef3494cf367c8bb029bc1837d2dc3fb61517
- SHA512: 5e2c4e4b1d54d50d9b5fa47c4df1148cea115915cf2eb7105c795ed03685ae8b6c33f86df4a5a57df8ed156a184f0366cf03609a36526a69c561739b3dd3120e
-
The four entries below (flock, profile, odex, vdex) all carry the MD5/SHA1/SHA256/SHA512 digests of a zero-byte file; they are empty placeholders left by dex2oat, not payload artifacts.
-
/data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/Mnrr.json.x86.flock
- MD5: d41d8cd98f00b204e9800998ecf8427e
- SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
- SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/oat/Mnrr.json.cur.prof
- MD5: d41d8cd98f00b204e9800998ecf8427e
- SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
- SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/oat/x86/Mnrr.odex
- MD5: d41d8cd98f00b204e9800998ecf8427e
- SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
- SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/oat/x86/Mnrr.vdex
- MD5: d41d8cd98f00b204e9800998ecf8427e
- SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
- SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e