Analysis

  • max time kernel: 676156s
  • max time network: 158s
  • platform: android_x86
  • resource: android-x86-arm-20220310-en
  • submitted: 03-06-2022 05:34

General

  • Target: 7711F2515FA68FCB75459A90B9D0102569435CDFBAACB35B23828AB17D6A0987.apk
  • Size: 3.7MB
  • MD5: b7b6ae08971e111291e2dffe48667c42
  • SHA1: ffd2c09b20809ba853bfa0776ae59447ea82d4b7
  • SHA256: 7711f2515fa68fcb75459a90b9d0102569435cdfbaacb35b23828ab17d6a0987
  • SHA512: 0414838b61f594a12cbab985439ab97194b75117562e2a091c0cbab6c029930a36a2b9b0a3781c4972abf6c39f5d4f6aada2588280eedbc7b3d506a566eee7ae

Signatures

  • Anubis banker
    Android banker that uses overlays.
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Acquires the wake lock. 1 IoC
  • Loads dropped Dex/Jar. 2 IoCs
    Runs executable file dropped to the device during analysis.
  • Reads information about phone network operator.
  • Listens for changes in the sensor environment (might be used to detect emulation). 1 IoC

Processes

  • com.rsksbgdkgcae.fvogspmykjv (PID 5229)
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation).
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rsksbgdkgcae.fvogspmykjv/app_files/vdtfcg.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.rsksbgdkgcae.fvogspmykjv/app_files/oat/x86/vdtfcg.odex --compiler-filter=quicken --class-loader-context=& (PID 5309)
      • Loads dropped Dex/Jar

Downloads

  • /data/user/0/com.rsksbgdkgcae.fvogspmykjv/app_files/vdtfcg.jar
    Filesize: 217KB
    MD5: 55bcef86e2869e2c9c57c989ca33303c
    SHA1: e23d9f47130be7c913eec65dffe494451a8435be
    SHA256: ab54eedea2830d13e96e761c5af98c8d4a11ea98c78c9475f57a801aa2b8aa3c
    SHA512: 824f4b03b443f612089eaa7560d93c710b26ee51c974098c8ce674c82da4b7cd336723388de7fd143f2e212857e01c3a8647643ed6addb0b84dc026a97493c4d

  • /data/user/0/com.rsksbgdkgcae.fvogspmykjv/app_files/vdtfcg.jar
    Filesize: 440KB
    MD5: 718973db3b1dda230f0a65f7d5ccd72a
    SHA1: 3e5c505acdf8248fae792f85e0412f4dbfeb0b13
    SHA256: 386cca5a013360cbd5928e7a6e1db5a1e0898457f2a9b2c2a9c8a79b5884a726
    SHA512: 18c0365e1af21c5734a1f28b6b4c6e515abea5cf3b669ac226c6017f059f886b08adf9683a73db90136a098e1d61403039a9ed61a107ff3237de9a395e752825

  • /data/user/0/com.rsksbgdkgcae.fvogspmykjv/app_files/vdtfcg.jar
    Filesize: 440KB
    MD5: 3389ca8da78d92d27bbc4348bc44d8f9
    SHA1: 8bc6c2bf025e7c72af926df48ec58250dc90c0e1
    SHA256: e195e706b0493c04cb30e9e76ee93e9fe749565d8edde91ea1e9f569e7117ead
    SHA512: 3f98236c458d45e2113ae8f7e1eec28efd400edcb6a2c860dde355ef11fb0d2bb9b06c72f54a2b92432bb13317f992b8ad7fc58c30099de54f6c63b1854c7f03