Overview

overview

10

Static

static

7

BB3D5729F7...6A.apk

android_x86

10

BB3D5729F7...6A.apk

android_x64

10

BB3D5729F7...6A.apk

android_x64

10

Analysis

  • max time kernel
    673414s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    03-06-2022 05:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BB3D5729F7AD3276C771AEC55BC913D71973F3B26BA24AAB6AAFAE79E8EA0C6A.apk

  • Size

    1.9MB

  • MD5

    1e6c4a307e1b19ebba9f676f2728b970

  • SHA1

    1b23de0ecf9398a9c01679a7b18f84a77e3293de

  • SHA256

    bb3d5729f7ad3276c771aec55bc913d71973f3b26ba24aab6aafae79e8ea0c6a

  • SHA512

    99fc04f0862efc5a2f4111c5d77ee606d0ecff0c69c4685056fa6ef73566674f2821856f5ff974e4d1e5516c88ef2517b9045e179af30a63e737f9bb61b430df

Score
10/10
anubisbankerevasioninfostealertrojan

Malware Config

Extracted

Family

anubis

C2

http://webdatapanel.xyz/

Signatures

  • Anubis banker

    Android banker that uses overlays.

    bankertrojaninfostealeranubis
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
    evasion

Processes

  • jozsqisehdozqqu.odyogitbannghurxpmj.ztcdkpkkgfftdf
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation).
    PID:5584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/jozsqisehdozqqu.odyogitbannghurxpmj.ztcdkpkkgfftdf/app_DynamicOptDex/pCqPmG.json
    Filesize

    1.0MB

    MD5

    4e8ba1dbad99db6defdbdbcfcbdb83c3

    SHA1

    0b15865d4c900d6c9485ae2e9b653ac7b1c60818

    SHA256

    17a4b1cd276512aeff4d93b820256dadf0a62541cde81677d2f74e2134016782

    SHA512

    90d5f2816866b18e1dc15486a9468060eee35a86dfc4d50a370bba9e5bc13d3eed41743ccba881f7a16f4ad68df30b28c30d0e77c07c738b81d4c8d7d1337c5f

    Download Submit

  • /data/user/0/jozsqisehdozqqu.odyogitbannghurxpmj.ztcdkpkkgfftdf/app_DynamicOptDex/pCqPmG.json
    Filesize

    1.0MB

    MD5

    671fe1f6b48600a61e3bffeadf7bec15

    SHA1

    85fea3899180390aba77f38c580b19a63ebb2f31

    SHA256

    81e0b0bab5b7f2af550bb7a7d59896f2740d74a9150de50e421ee0db705b7398

    SHA512

    c3d003a2531b0653144b316be724f2ff4b9e02c82db397457dd92e72bb10358a8b4f4b6767b9ca9cd604fff5866b67fbef2eb3e965f901c215a1d20271e1691f

    Download Submit

  • /data/user/0/jozsqisehdozqqu.odyogitbannghurxpmj.ztcdkpkkgfftdf/app_DynamicOptDex/pCqPmG.json
    Filesize

    1.0MB

    MD5

    671fe1f6b48600a61e3bffeadf7bec15

    SHA1

    85fea3899180390aba77f38c580b19a63ebb2f31

    SHA256

    81e0b0bab5b7f2af550bb7a7d59896f2740d74a9150de50e421ee0db705b7398

    SHA512

    c3d003a2531b0653144b316be724f2ff4b9e02c82db397457dd92e72bb10358a8b4f4b6767b9ca9cd604fff5866b67fbef2eb3e965f901c215a1d20271e1691f

    Download Submit