Analysis
- max time kernel: 3868148s
- max time network: 160s
- platform: android_x64
- resource: android-x64-arm64-20220310-en
- submitted: 21-05-2022 11:26
Static task: static1
Behavioral task: behavioral1
- Sample: b600fa379cabfd33a6ebc2e69fd71910bff442b2d90d0163ccaa997cc2199b7e.apk
- Resource: android-x86-arm-20220310-en
Behavioral task: behavioral2
- Sample: b600fa379cabfd33a6ebc2e69fd71910bff442b2d90d0163ccaa997cc2199b7e.apk
- Resource: android-x64-20220310-en
Behavioral task: behavioral3
- Sample: b600fa379cabfd33a6ebc2e69fd71910bff442b2d90d0163ccaa997cc2199b7e.apk
- Resource: android-x64-arm64-20220310-en
General
- Target: b600fa379cabfd33a6ebc2e69fd71910bff442b2d90d0163ccaa997cc2199b7e.apk
- Size: 3.3MB
- MD5: 98f48dacd555fc1a4f90d69fb91ae4e8
- SHA1: b8aec6d580883393cba4bcfa8e41857b130fa95d
- SHA256: b600fa379cabfd33a6ebc2e69fd71910bff442b2d90d0163ccaa997cc2199b7e
- SHA512: 5dde926dea76716c1a8ff19e74d2393cec02f20eea00c9d228640c74231a2934df3137c1f3fc4d465c067012f7260699a62e5d4400d0b9696807b344359716b3
Signatures
- Anubis banker: Android banker that uses overlays.
- Makes use of the framework's Accessibility service (3 IoCs)
  Process: wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
- Acquires the wake lock (1 IoC)
  Process: wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls
  Framework service call: android.os.IPowerManager.acquireWakeLock
- Loads dropped Dex/Jar (2 IoCs): Runs executable file dropped to the device during analysis.
  Process: wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls (pid 5725)
  ioc: /data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/Mnrr.json
  ioc: /data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/Mnrr.json
- Listens for changes in the sensor environment (might be used to detect emulation) (1 IoC)
  Process: wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls
  Framework API call: android.hardware.SensorManager.registerListener
Downloads
- /data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/Mnrr.json
  Filesize: 2.1MB
  MD5: f6435dd229bfa1783f8d36942965b54a
  SHA1: 33ff7384a347e57fa75a171334daa8d11563cd3f
  SHA256: 8ca71b7faedae899f9c9b53bddc2577891bf85d33eddd80ecc973b62299c9147
  SHA512: 5b5345c5838db53a570c13f49475d2ad7945f052b97d3f0f30d7c1701a36927a8bcd3036d661432a26e251e22f4e2859825010129e7a11403e6451b1207cde91
- /data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/Mnrr.json
  Filesize: 2.1MB
  MD5: 85906cde5d00bcc1230e87598b8a7bfc
  SHA1: b54fc492fb25e7843029a57cf03f9bf24120287d
  SHA256: c1751a864c125e703b5507e5404d99f762679bb183b2b4d654d16ffa0e25d470
  SHA512: 75a08b98a5c0126b5bcb40dda4ca867992828617db44761354a8ebe04518a1cd97629c323197b5af1fb6383007befa3ff3fcac6acb3405de2c46a2a96f7ef376
- /data/user/0/wzgcfrnkoecbdhyefubrbhpwqg.rblxehp.bfryhoyngspymwbuztgls/app_DynamicOptDex/oat/Mnrr.json.cur.prof
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e