Analysis
- max time kernel: 676382s
- max time network: 51s
- platform: android_x86
- resource: android-x86-arm-20220310-en
- submitted: 03-06-2022 05:35
Static task
static1
Behavioral task
behavioral1
Sample
57C9563A1E3ADC9737EAE84B6FB3F45AA98621AB4D1BCED43EEEF5E35FEE9AAD.apk
Resource
android-x86-arm-20220310-en
Behavioral task
behavioral2
Sample
57C9563A1E3ADC9737EAE84B6FB3F45AA98621AB4D1BCED43EEEF5E35FEE9AAD.apk
Resource
android-x64-20220310-en
Behavioral task
behavioral3
Sample
57C9563A1E3ADC9737EAE84B6FB3F45AA98621AB4D1BCED43EEEF5E35FEE9AAD.apk
Resource
android-x64-arm64-20220310-en
General
- Target: 57C9563A1E3ADC9737EAE84B6FB3F45AA98621AB4D1BCED43EEEF5E35FEE9AAD.apk
- Size: 285KB
- MD5: 9a203d62480bceb0116dc1b32b2e20d2
- SHA1: ef237eccaceaf6dbc05af9c24c80d43d4bc89e15
- SHA256: 57c9563a1e3adc9737eae84b6fb3f45aa98621ab4d1bced43eeef5e35fee9aad
- SHA512: bf3f35f03ad2188d71841df743c672770aebd67ef9362fcf1cb9378c6bdfa9d649afce14337af6d7d5eeec341014ccf67ce97faffb2340d565ddb0d09af3d153
Malware Config
Signatures
- Anubis banker
  Android banker that uses overlays.
- Makes use of the framework's Accessibility service. 2 IoCs
  Processes: wocwvy.czyxoxmbauu.slsa
  description | ioc | process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | wocwvy.czyxoxmbauu.slsa
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | wocwvy.czyxoxmbauu.slsa
- Acquires the wake lock. 1 IoCs
  Processes: wocwvy.czyxoxmbauu.slsa
  description | ioc | process
  Framework service call | android.os.IPowerManager.acquireWakeLock | wocwvy.czyxoxmbauu.slsa
- Reads information about phone network operator.
- Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
  Processes: wocwvy.czyxoxmbauu.slsa
  description | ioc | process
  Framework API call | android.hardware.SensorManager.registerListener | wocwvy.czyxoxmbauu.slsa