anubis | 540f2fea12850eb21e4b190286581a02250782f2febd6a7689a344edb8ce71fa

Analysis

max time kernel
3891555s
max time network
179s
platform
android_x64
resource
android-x64-20220310-en
submitted
21-05-2022 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

540f2fea12850eb21e4b190286581a02250782f2febd6a7689a344edb8ce71fa.apk
Size

3.3MB
MD5

2d827db9557250e275102eeb2cf98b92
SHA1

8bf0d90029f41487a30524aefb8129a6c4f72cac
SHA256

540f2fea12850eb21e4b190286581a02250782f2febd6a7689a344edb8ce71fa
SHA512

cb9ba045de274ce211ecb926e6524c1d57644b952dc4b976709ff3d8208c0b6d667b0e0835a78652d74456e8aa4e68293ac03e6ccc6fd976944a60f95ee6edf1

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

nyduuxnaqxqbkofyskhuzieyffm.qxmwqsrgdlifhkpjwlwlack.mua

ioc	pid	process
/data/user/0/nyduuxnaqxqbkofyskhuzieyffm.qxmwqsrgdlifhkpjwlwlack.mua/app_DynamicOptDex/xirphg.json	6139	nyduuxnaqxqbkofyskhuzieyffm.qxmwqsrgdlifhkpjwlwlack.mua
/data/user/0/nyduuxnaqxqbkofyskhuzieyffm.qxmwqsrgdlifhkpjwlwlack.mua/app_DynamicOptDex/xirphg.json	6139	nyduuxnaqxqbkofyskhuzieyffm.qxmwqsrgdlifhkpjwlwlack.mua

Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

nyduuxnaqxqbkofyskhuzieyffm.qxmwqsrgdlifhkpjwlwlack.mua

description ioc process

Framework API call android.hardware.SensorManager.registerListener nyduuxnaqxqbkofyskhuzieyffm.qxmwqsrgdlifhkpjwlwlack.mua

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	nyduuxnaqxqbkofyskhuzieyffm.qxmwqsrgdlifhkpjwlwlack.mua

nyduuxnaqxqbkofyskhuzieyffm.qxmwqsrgdlifhkpjwlwlack.mua
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:6139

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/nyduuxnaqxqbkofyskhuzieyffm.qxmwqsrgdlifhkpjwlwlack.mua/app_DynamicOptDex/oat/xirphg.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/nyduuxnaqxqbkofyskhuzieyffm.qxmwqsrgdlifhkpjwlwlack.mua/app_DynamicOptDex/xirphg.json
Filesize
2.1MB

MD5
f9f6a1ed4ec4622b19af369e1e656721

SHA1
58dba6083b7f44a6ecaf34a8f251342ac89fe020

SHA256
d5806d4026443c70108e28ec8f8429fb666f03b9f4582d11462e733c678ffb75

SHA512
1180e476b37a2912a27b962f895f068966877f77c4a993bbe050e2272dae6c034f399c3ea2d4157be8515b3bb1949687b80efc972edccee975bd5481015368e1

Download Submit
/data/user/0/nyduuxnaqxqbkofyskhuzieyffm.qxmwqsrgdlifhkpjwlwlack.mua/app_DynamicOptDex/xirphg.json
Filesize
2.1MB

MD5
609535c0b9ae2d4cb6ae727e254e953a

SHA1
be573ad14469c7d28bb53a2f8a188bc7a6f5d7f8

SHA256
40195c96d35fa8962abc2528176edbb50f3e6baae930a6e705b6289104675981

SHA512
010215f8c5906c9be7e3dd2a630c4063c43a2adc71ccb2e1c061cdf6288e46b2023f0b5470e7a4d6bc73fa8c9b305fb63e4088f7193b9937fc7dbba956b87f3f

Download Submit
/data/user/0/nyduuxnaqxqbkofyskhuzieyffm.qxmwqsrgdlifhkpjwlwlack.mua/app_DynamicOptDex/xirphg.json
Filesize
2.1MB

MD5
609535c0b9ae2d4cb6ae727e254e953a

SHA1
be573ad14469c7d28bb53a2f8a188bc7a6f5d7f8

SHA256
40195c96d35fa8962abc2528176edbb50f3e6baae930a6e705b6289104675981

SHA512
010215f8c5906c9be7e3dd2a630c4063c43a2adc71ccb2e1c061cdf6288e46b2023f0b5470e7a4d6bc73fa8c9b305fb63e4088f7193b9937fc7dbba956b87f3f

Download Submit