Analysis
max time kernel: 3294138s
max time network: 112s
platform: android_x64
resource: android-x64-arm64-20220621-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20220621-en, locale:en-us, os:android-11-x64, system
submitted: 22-08-2022 06:56
Static task: static1

Behavioral task: behavioral1
Sample: 43bfaf61f25ff5fea9878539346ec013.apk
Resource: android-x86-arm-20220621-en

Behavioral task: behavioral2
Sample: 43bfaf61f25ff5fea9878539346ec013.apk
Resource: android-x64-20220621-en

Behavioral task: behavioral3
Sample: 43bfaf61f25ff5fea9878539346ec013.apk
Resource: android-x64-arm64-20220621-en
General
Target: 43bfaf61f25ff5fea9878539346ec013.apk
Size: 258KB
MD5: 43bfaf61f25ff5fea9878539346ec013
SHA1: 2d5123e83ecb9fe9a949c4989bdfd2e34582d20e
SHA256: c40e5c35432da865f62714deb200bbf29e5356b89d073c973e2ca299074fa66a
SHA512: d096484eabe8b157b97c6fd154b47dc7ab01b2ed44f64da2b5e38476704613c3c11cab71572b9c9e4497a3c3c04fffcbae68c3fba19f56c84ea260c0f3ea1daa
Malware Config
Signatures
Anubis banker
Android banker that uses overlays.

Makes use of the framework's Accessibility service. 2 IoCs
Processes: anubis.bot.myapplication
description | ioc | process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | anubis.bot.myapplication
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | anubis.bot.myapplication

Acquires the wake lock. 1 IoCs
Processes: anubis.bot.myapplication
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | anubis.bot.myapplication

Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
Processes: anubis.bot.myapplication
description | ioc | process
Framework API call | android.hardware.SensorManager.registerListener | anubis.bot.myapplication