Overview

overview

10

Static

static

7

32b556f98d...df.apk

android_x86

8

32b556f98d...df.apk

android_x64

10

32b556f98d...df.apk

android_x64

10

Analysis

  • max time kernel
    3866542s
  • max time network
    169s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    21-05-2022 11:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32b556f98d0d2bc0f14aab12585edb263296dabca5d5a1f5752031b0412338df.apk

  • Size

    3.2MB

  • MD5

    a5b27f03e3a6caac2a2b9b95644a12c3

  • SHA1

    2a71db680bbc3201d9b6fe010d46a51e4486e80a

  • SHA256

    32b556f98d0d2bc0f14aab12585edb263296dabca5d5a1f5752031b0412338df

  • SHA512

    d87bd13489fb4961c8ba41a053665f5abfd5434d149a5b60bbcf101f4469b14e13d7351ebc36fe0545d549a633e223124c47c3f878b02c97c29900bbb6e984e3

Score
10/10
anubisbankerevasioninfostealertrojan

Malware Config

Signatures

  • Anubis banker

    Android banker that uses overlays.

    bankertrojaninfostealeranubis
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
    evasion

Processes

  • eqzthjrbymohme.tximzugaw.rpsljgcyppsbasaszepboedp
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation).
    PID:6603

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/eqzthjrbymohme.tximzugaw.rpsljgcyppsbasaszepboedp/app_DynamicOptDex/oat/qebl.json.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/eqzthjrbymohme.tximzugaw.rpsljgcyppsbasaszepboedp/app_DynamicOptDex/qebl.json
    Filesize

    2.0MB

    MD5

    db73400867594b37ec042d3bb67fecb0

    SHA1

    66a7d94d9bcb1403e1de0452096ac767832499ca

    SHA256

    77186d6154557a401137ed484af794c1c99a1ada866683fa3d791665b3bb603e

    SHA512

    871d4a0990b3bff89aecc5359391652d91fb5412466c29dd09119a33f5a2d374c4ac9b0aa10c429910e1d3db42ac0202813a84efe8626c87ea04d5455e2ef5a9

    Download Submit
  • /data/user/0/eqzthjrbymohme.tximzugaw.rpsljgcyppsbasaszepboedp/app_DynamicOptDex/qebl.json
    Filesize

    2.0MB

    MD5

    be5930b922f627a43e823d502b4d9008

    SHA1

    01efc514fad41cfcb8bfa3b53a08b8d30620f868

    SHA256

    8f4cf4c901a2eadad34e51f2b38f3fcede91c0eb5c332b16f4db0723eb1ffda7

    SHA512

    652c1c140d0a3fa53078340feec7d47bbcb4573dd9b77a3fc1bc284e84eb76ebe57d9cb629d8f9d21418c83d91a714b3b503c5197028488b9c41baca97b8d3fa

    Download Submit
  • /data/user/0/eqzthjrbymohme.tximzugaw.rpsljgcyppsbasaszepboedp/app_DynamicOptDex/qebl.json
    Filesize

    2.0MB

    MD5

    be5930b922f627a43e823d502b4d9008

    SHA1

    01efc514fad41cfcb8bfa3b53a08b8d30620f868

    SHA256

    8f4cf4c901a2eadad34e51f2b38f3fcede91c0eb5c332b16f4db0723eb1ffda7

    SHA512

    652c1c140d0a3fa53078340feec7d47bbcb4573dd9b77a3fc1bc284e84eb76ebe57d9cb629d8f9d21418c83d91a714b3b503c5197028488b9c41baca97b8d3fa

    Download Submit