anubis | bd352e14a8e2c65637bc0a8de6749f1ac8e1b43af64ffb78cea50325018c4477

Analysis

max time kernel
688726s
max time network
172s
platform
android_x64
resource
android-x64-20220310-en
submitted
03-06-2022 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BD352E14A8E2C65637BC0A8DE6749F1AC8E1B43AF64FFB78CEA50325018C4477.apk
Size

1.9MB
MD5

f819be0886ed50a6ccd6791043edbd7c
SHA1

c982ae497b689a0418abd6f4d27a4bbecd237eb3
SHA256

bd352e14a8e2c65637bc0a8de6749f1ac8e1b43af64ffb78cea50325018c4477
SHA512

6a168a147fa98d021a38065bdd8425e16d78fcde4579c30efe91fd2c8c0c87965c2549f1493b5d2fd0b7bed982b1b8ba7e6c9cc6bb8bf699e577084c2badf5b8

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Extracted

Family

anubis

http://ourplanet.xyz/

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx

ioc	pid	process
/data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/ARRN.json	6278	wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx
/data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/ARRN.json	6278	wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx

Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx

description ioc process

Framework API call android.hardware.SensorManager.registerListener wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx

wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:6278

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/ARRN.json
Filesize
887KB

MD5
f5abb065aff58add1c1d17348fe4c726

SHA1
cc1889e7367dbab286b26f7eb610855d07afaa7d

SHA256
0b800a5a3678e2a04414691fd587e9aaef19c2425c48732029a6cc421d78ec52

SHA512
decb72b5fb6a124f7f5d38658bd9f4987ec5f327415b11cbe1a60ff327bebf88b7242733d5b6df2a290760cd54e85e2d25807fb80f837243549683ecc041a0dd

Download Submit
/data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/ARRN.json
Filesize
887KB

MD5
23dd85fcb4d2b3ccfba71cf777470b2f

SHA1
4c56af0b39d3a85e465676d0d95086fc59ebb940

SHA256
59d624744688bc7c0eb7002276610fb16898c0265edf2c2050f607be068a8b79

SHA512
5e33644abc8654c7d7fccd69302bb7ec3dc28e5173e13d0698e525a895b917c6a068d2cf285ab00a22784c3acc5b9c00f3776e9622e3330e24801a4890369dbf

Download Submit
/data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/ARRN.json
Filesize
887KB

MD5
23dd85fcb4d2b3ccfba71cf777470b2f

SHA1
4c56af0b39d3a85e465676d0d95086fc59ebb940

SHA256
59d624744688bc7c0eb7002276610fb16898c0265edf2c2050f607be068a8b79

SHA512
5e33644abc8654c7d7fccd69302bb7ec3dc28e5173e13d0698e525a895b917c6a068d2cf285ab00a22784c3acc5b9c00f3776e9622e3330e24801a4890369dbf

Download Submit
/data/user/0/wqumtczkrehhh.shftzobzrpkdseucrhnhqzu.mkfmftteznamnlcjzjfasx/app_DynamicOptDex/oat/ARRN.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit