Analysis

max time kernel: 3866238s
max time network: 160s
platform: android_x64
resource: android-x64-arm64-20220310-en
submitted: 21-05-2022 11:25

Static task static1
Behavioral task behavioral1: sample e8c01da98b8c3d203f2e9091348b9c56a471d3b0baf589ea3d195704f54d15e8.apk, resource android-x86-arm-20220310-en
Behavioral task behavioral2: sample e8c01da98b8c3d203f2e9091348b9c56a471d3b0baf589ea3d195704f54d15e8.apk, resource android-x64-20220310-en
Behavioral task behavioral3: sample e8c01da98b8c3d203f2e9091348b9c56a471d3b0baf589ea3d195704f54d15e8.apk, resource android-x64-arm64-20220310-en
General

Target: e8c01da98b8c3d203f2e9091348b9c56a471d3b0baf589ea3d195704f54d15e8.apk
Size: 3.2MB
MD5: 5457d3f8855af52609bdfd7fc7b88bc4
SHA1: 1639bee5bec6557d11f7ed0743ad2857676f36bc
SHA256: e8c01da98b8c3d203f2e9091348b9c56a471d3b0baf589ea3d195704f54d15e8
SHA512: 5329a079959747d0290acd6444159c4c1f9984c0780a07b9081ecff7db9d046ab5d4546bd58ddae91ce9da7cbf04edfbdbe8ff836e60894eef5b8fd81d439769
Malware Config
Signatures

Anubis banker
Android banker that uses overlays.

Makes use of the framework's Accessibility service (3 IoCs)
Process: poiniqzcisuxqede.zwjrdpkbfjb.yksd
  Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
  Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText
  Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId

Acquires a wake lock (1 IoC)
Process: poiniqzcisuxqede.zwjrdpkbfjb.yksd
  Framework service call android.os.IPowerManager.acquireWakeLock

Loads dropped Dex/Jar (2 IoCs)
Runs an executable file dropped to the device during analysis.
Process: poiniqzcisuxqede.zwjrdpkbfjb.yksd (pid 6853)
  /data/user/0/poiniqzcisuxqede.zwjrdpkbfjb.yksd/app_DynamicOptDex/bi.json
  (both IoC rows are identical: same path, same pid, same process)
  Note that the dropped file carries a .json extension but is loaded as Dex/Jar, so its name says nothing about its content.

Listens for changes in the sensor environment (might be used to detect emulation) (1 IoC)
Process: poiniqzcisuxqede.zwjrdpkbfjb.yksd
  Framework API call android.hardware.SensorManager.registerListener
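The "Loads dropped Dex/Jar" signature above points at a file named bi.json under app_DynamicOptDex: the extension says JSON, the behaviour says code. The Python below is an added example (not part of this report and not the sandbox's own tooling) that triages a dropped file by its DEX header rather than by its name: it checks the `dex\n` magic, reads the format version, and verifies the Adler-32 checksum, SHA-1 signature and file_size fields that the DEX header defines, so a truncated or tampered payload is reported as such. The real bi.json was not available here; the inputs are constructed in the code (a synthetic header-only DEX placed under the report's path, and a JSON decoy at a hypothetical path).

```python
"""Identify a DEX payload hidden behind a non-executable file extension.

Added example, not from the sandbox report. DEX header layout (AOSP dex format):
  0x00  magic        8 bytes   b"dex\n" + 3-digit version + b"\0"
  0x08  checksum     4 bytes   Adler-32 over everything after this field
  0x0c  signature   20 bytes   SHA-1 over everything after this field
  0x20  file_size    4 bytes   little-endian, whole file
  0x24  header_size  4 bytes   always 0x70
"""
import hashlib
import struct
import zlib

DEX_MAGIC = b"dex\n"
HEADER_SIZE = 0x70
CODE_EXTENSIONS = ("dex", "jar", "apk", "odex")


def inspect_dex(data: bytes) -> dict:
    """Parse and verify the DEX header; fields stay False when the file is not DEX."""
    result = {
        "is_dex": False,
        "version": None,
        "checksum_ok": False,
        "signature_ok": False,
        "file_size_ok": False,
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    if len(data) < HEADER_SIZE or data[:4] != DEX_MAGIC or data[7:8] != b"\0":
        return result
    result["is_dex"] = True
    result["version"] = data[4:7].decode("ascii", errors="replace")
    (checksum,) = struct.unpack_from("<I", data, 0x08)
    signature = data[0x0C:0x20]
    file_size, header_size = struct.unpack_from("<II", data, 0x20)
    # Both integrity fields cover the file from just past themselves to the end.
    result["checksum_ok"] = (zlib.adler32(data[0x0C:]) & 0xFFFFFFFF) == checksum
    result["signature_ok"] = hashlib.sha1(data[0x20:]).digest() == signature
    result["file_size_ok"] = file_size == len(data) and header_size == HEADER_SIZE
    return result


def build_synthetic_dex(version: bytes = b"035", body: bytes = b"\0" * 16) -> bytes:
    """Constructed test input: header-only DEX with a valid checksum and signature.
    Not a real payload; only the fields inspect_dex reads are meaningful."""
    file_size = HEADER_SIZE + len(body)
    # file_size and header_size, then the remaining header fields zeroed, then the body
    tail = struct.pack("<II", file_size, HEADER_SIZE) + b"\0" * (HEADER_SIZE - 0x28) + body
    signature = hashlib.sha1(tail).digest()
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF
    return DEX_MAGIC + version + b"\0" + struct.pack("<I", checksum) + signature + tail


def classify(path: str, data: bytes) -> str:
    """One-line triage verdict: header type, integrity, and whether the name lies."""
    info = inspect_dex(data)
    if not info["is_dex"]:
        return f"{path}: not a DEX file"
    ext = path.rsplit(".", 1)[-1].lower() if "." in path.rsplit("/", 1)[-1] else ""
    disguised = ext not in CODE_EXTENSIONS
    intact = info["checksum_ok"] and info["signature_ok"] and info["file_size_ok"]
    integrity = "intact" if intact else "corrupt or truncated"
    naming = "extension mismatch" if disguised else "extension matches"
    return f"{path}: DEX v{info['version']}, {integrity}, {naming}"


if __name__ == "__main__":
    # Constructed samples: the report's dropped-file path with a synthetic DEX body,
    # and a hypothetical JSON decoy path with genuine JSON text.
    samples = {
        "/data/user/0/poiniqzcisuxqede.zwjrdpkbfjb.yksd/app_DynamicOptDex/bi.json": build_synthetic_dex(),
        "/data/user/0/example.package/files/settings.json": b'{"constructed": true}',
    }
    for p, blob in samples.items():
        print(classify(p, blob))
```

On a live device the same check can be applied to anything written under the app's app_DynamicOptDex (or any other app-private directory) that is later handed to a class loader; a JSON or image extension on a file whose first bytes read `dex\n` is the signal, and the checksum and signature fields tell you whether the dropped copy is complete before you decompile it.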
Downloads

Download 1
Filesize: 2.0MB
MD5: c51792f251e0eff89a38a1803ffd6f3a
SHA1: bb6bb81eaa1aa8bb85e2c58194e11e3f49657e7e
SHA256: e1bce7a0864c60fee1ae665e53dcd7d4dda6505ebd9c3cdb32d6532774f361e8
SHA512: 437576898836785a1d2971ac477478a52bbdbf72ee643bbb2c00e9d5cb0064806ea764fb1775ae2a382a4e3c0a2022685f85f1d84c6af5ea175661950970e46e

Download 2 (the report lists this file twice with identical digests)
Filesize: 2.0MB
MD5: f4f2565463d99d593a37375b8e23a312
SHA1: 987ecc2fe7415ac33ae8f899839f0dbd1cd6d46f
SHA256: 9202551ef71131f5df5a4b6b2100026e355e0a9c10c096da0e711add8b820729
SHA512: 935b9b68bab9070d84e17e31d909413f1fc08e86db54d0e25d42db0e74155b88891ef2cc543e76a374cbfe4386e9dfc3577faa44bf8f06799787ef358b158966

Download 3 (no filesize given)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
All four digests here are those of zero-length input, so this entry is an empty file (a download that returned no body), not a payload worth pivoting on.