Overview

overview

10

Static

static

7

BD352E14A8...77.apk

android_x86

10

BD352E14A8...77.apk

android_x64

10

BD352E14A8...77.apk

android_x64

10

Analysis

  • max time kernel
    694848s
  • max time network
    159s
  • platform
    android_x86
  • resource
    android-x86-arm-20220310-en
  • submitted
    03-06-2022 08:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BD352E14A8E2C65637BC0A8DE6749F1AC8E1B43AF64FFB78CEA50325018C4477.apk

  • Size

    1.9MB

  • MD5

    f819be0886ed50a6ccd6791043edbd7c

  • SHA1

    c982ae497b689a0418abd6f4d27a4bbecd237eb3

  • SHA256

    bd352e14a8e2c65637bc0a8de6749f1ac8e1b43af64ffb78cea50325018c4477

  • SHA512

    6a168a147fa98d021a38065bdd8425e16d78fcde4579c30efe91fd2c8c0c87965c2549f1493b5d2fd0b7bed982b1b8ba7e6c9cc6bb8bf699e577084c2badf5b8

Score
10/10
anubisbankerevasioninfostealertrojan

Malware Config

Extracted

Family

anubis

C2

http://ourplanet.xyz/

Signatures

  • Anubis banker

    Android banker that uses overlays.

    bankertrojaninfostealeranubis
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
    evasion

Processes

  • wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation).
    PID:5263
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/ARRN.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/oat/x86/ARRN.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:5289

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/ARRN.json
    Filesize

    887KB

    MD5

    f5abb065aff58add1c1d17348fe4c726

    SHA1

    cc1889e7367dbab286b26f7eb610855d07afaa7d

    SHA256

    0b800a5a3678e2a04414691fd587e9aaef19c2425c48732029a6cc421d78ec52

    SHA512

    decb72b5fb6a124f7f5d38658bd9f4987ec5f327415b11cbe1a60ff327bebf88b7242733d5b6df2a290760cd54e85e2d25807fb80f837243549683ecc041a0dd

    Download Submit
  • /data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/ARRN.json
    Filesize

    887KB

    MD5

    23dd85fcb4d2b3ccfba71cf777470b2f

    SHA1

    4c56af0b39d3a85e465676d0d95086fc59ebb940

    SHA256

    59d624744688bc7c0eb7002276610fb16898c0265edf2c2050f607be068a8b79

    SHA512

    5e33644abc8654c7d7fccd69302bb7ec3dc28e5173e13d0698e525a895b917c6a068d2cf285ab00a22784c3acc5b9c00f3776e9622e3330e24801a4890369dbf

    Download Submit
  • /data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/ARRN.json
    Filesize

    887KB

    MD5

    d3e5b0e335275bdfb8302be27b103a7d

    SHA1

    3138e3e3d61b4346eb5f20cf51cbe3a5e35eae36

    SHA256

    3faba2940d7e1ef128683e1f1c901ec6cca895cf7e8f8bf78a0ba5a3760b1753

    SHA512

    6a81154f8ed36a94ccb2148028fe874afa0d8af84d526c4ebe310a502ddbdcade52013068a475d7668c0700aa935eb76e21a970d6b1897d2cfae517d9f35029b

    Download Submit
  • /data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/ARRN.json
    Filesize

    887KB

    MD5

    23dd85fcb4d2b3ccfba71cf777470b2f

    SHA1

    4c56af0b39d3a85e465676d0d95086fc59ebb940

    SHA256

    59d624744688bc7c0eb7002276610fb16898c0265edf2c2050f607be068a8b79

    SHA512

    5e33644abc8654c7d7fccd69302bb7ec3dc28e5173e13d0698e525a895b917c6a068d2cf285ab00a22784c3acc5b9c00f3776e9622e3330e24801a4890369dbf

    Download Submit
  • /data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/ARRN.json.x86.flock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/oat/ARRN.json.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/oat/x86/ARRN.odex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/oat/x86/ARRN.vdex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit