zanubis | 95242e1d105de9c33b2c9d8a9514f58327ca32d7d24af9af19ff3f0d075ea451

Resubmissions

22-09-2022 17:05

220922-vlzdrsfgcp 10

02-09-2022 10:04

220902-l3926acahl 8

Analysis

max time kernel
4255862s
max time network
161s
platform
android_x64
resource
android-x64-arm64-20220823-en
submitted
02-09-2022 10:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95242e1d105de9c33b2c9d8a9514f58327ca32d7d24af9af19ff3f0d075ea451.apk
Size

4.0MB
MD5

e7495ddd6f4e5c686c2ee68b3db91f9b
SHA1

74c03b47d0449e08ef9e645e79aaada5e0aedc9d
SHA256

95242e1d105de9c33b2c9d8a9514f58327ca32d7d24af9af19ff3f0d075ea451
SHA512

4d264b89c483007789525c7f367d890a40f87755f18e7872065dd4e53d07065b6fa973726e234dc1113358aea7cb267d13bf956b85eeb4714dc14da2662b0888
SSDEEP

98304:a33L6bd2ofrZh/urhQuzI6TZS+DixH8bU4bFLzbcHezk:c67ky4To+mgU4bFLA

Score

10^/10

zanubis banker evasion infostealer trojan

Malware Config

Signatures

Zanubis
Zanubis is an Android banking malware first seen in 2022.
infostealer trojan banker zanubis

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.personal.pdf
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.personal.pdf

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.personal.pdf

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.personal.pdf

Requests disabling of battery optimizations (often used to enable hiding in the background). 2 IoCs

evasion

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.personal.pdf:remote
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.personal.pdf

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.personal.pdf

com.personal.pdf
1⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
PID:4544

com.personal.pdf:remote
1⤵
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.personal.pdf/app_webview/Default/Cookies

Filesize
64KB

MD5
dfb2098ca7b3bf16d6f5f1e7d3839af5

SHA1
ebb7a8bc886062d77a4092bd306b77a0ce7a3e9d

SHA256
e4119d32577d7fc63b267cc23eb7a9bbfb12d238f23e08918c38838fe0181224

SHA512
fccec45399258eb98220b7f01b492a72b8b3d1254dec6e196e344d89a0376c6ee24534a31a6675c866d4a17256d3ac6823657eaf04e1d386757d0cbfc6597e50

Download Submit
/data/user/0/com.personal.pdf/app_webview/Default/Cookies-journal

Filesize
1KB

MD5
4ca902bfe60229fd15454a294eb27203

SHA1
1bad5c4d35d04c54e250ee415e2c137ba2570341

SHA256
a140eec816aa90647b0bb770b63c12b67555e2bb70c59c02fce6518719d2d61b

SHA512
78d13c1602009a38fa855dc1faaab18218d4574391811950f803c9e05c1b043dfa946ae1a5d15c0340414b8977b414a67baa93112b93e229aad12428d192dd70

Download Submit
/data/user/0/com.personal.pdf/app_webview/Default/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.personal.pdf/app_webview/Default/GPUCache/index-dir/temp-index

Filesize
96B

MD5
8a239ec45cfcce35aa2d74d6b8c8ef52

SHA1
b2f5c660dad617f3d5c295076d8c0067fdfb7540

SHA256
2e797e2129dcbaa480efcf9425c0ca99deae877e87b7d48639c08361d0dab649

SHA512
53569faa15b21d0994dc20b1724a6c3d0d1a38f69e15990d4cd53562f5ae51d3dcef0e1ad19d42bf8a48d42a3a3d5469e01e5e64bc83797baf51ea698174fba0

Download Submit
/data/user/0/com.personal.pdf/app_webview/Default/Session Storage/000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/data/user/0/com.personal.pdf/app_webview/Default/Session Storage/000003.log

Filesize
61B

MD5
9f7eadc15e13d0608b4e4d590499ae2e

SHA1
afb27f5c20b117031328e12dd3111a7681ff8db5

SHA256
5c3a5b578ab9fe853ead7040bc161929ea4f6902073ba2b8bb84487622b98923

SHA512
88455784c705f565c70fa0a549c54e2492976e14643e9dd0a8e58c560d003914313df483f096bd33ec718aeec7667b8de063a73627aa3436ba6e7e562e565b3f

Download Submit
/data/user/0/com.personal.pdf/app_webview/Default/Session Storage/LOG

Filesize
128B

MD5
e063ee0abe60256af5b9bfca4cd52db7

SHA1
d34ca8950a439e9012c60ea2f2bac8e561233dfd

SHA256
65a2765aa08799a44e4d0a651668b73bcfaeb304e4a188c03d63dccd46e99721

SHA512
8de525869cc3bd05129421ead0a0ab99153a9d37e99e9119e4f573631d318636c2004858b6b1a9c505baad593bb7d1faa83c62a19e68fc4ccbde35b81cab1c6c

Download Submit
/data/user/0/com.personal.pdf/app_webview/Default/Session Storage/MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/data/user/0/com.personal.pdf/app_webview/Default/Web Data

Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.personal.pdf/app_webview/Default/Web Data-journal

Filesize
2KB

MD5
6f7220c591e1a1f2a81fadd2a3c55f6f

SHA1
8db6c7924c5c07579853da773122909def07fb11

SHA256
f7b1e6c8de745e11fcd623d76b4573124d2d3cb4789af350e0f342519705a218

SHA512
10f54095144e9e8fc4a785f87317ff42d14774ccb29ca7bed4bab4110c6a51ef689b03a347b747be4f1d4295c89ded61c619ab79ef1cd3799677e47b7a979ece

Download Submit
/data/user/0/com.personal.pdf/app_webview/webview_data.lock

Filesize
22B

MD5
17385882744a7e2721fd9ef68f9c6cc5

SHA1
bac22b3c28c3749a6b32aa71be4f86d3b8e6893a

SHA256
c9dc539878f4ccea779624ab93a436b854f962ddd30c637d53e21beadf4c9ac3

SHA512
03dc660c7e85e72d9381e0d131e680ee3b443c7316be049ad324af4e96493b0c1391a1911521862fec101678df1452ad1f55f6e7e39b26932252b5a8b28bcc9f

Download Submit
/data/user/0/com.personal.pdf/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
07f6372bd0d9297d62a1b4e2c099f5d1

SHA1
aa3264e9a2b8c160cf7279196068d7c48bfe6437

SHA256
b22cc778fe3bb9117e92590233d005afb3d2ea6b748bd967e38588b20b5ea205

SHA512
fbd43407ba7a276ce842fa8e2a677394cfaa724cebd26ed74db891814d19d1c9cdaff06e78f4da7122c3319338175a46b90034312c4365faba5e33617edac3a6

Download Submit
/data/user/0/com.personal.pdf/cache/WebView/Default/HTTP Cache/6f729cdd8af6b4b7_0

Filesize
322B

MD5
d2aae7688f18bc828c511468a5fac06f

SHA1
b1723a0b26083f13fef7c4bfb65ccd85d34bcf64

SHA256
d10572400761004fd09b5235efea8f73320339290f9c73eead88d67314c792a3

SHA512
416bc33ea0aa4dad7f20fe8c8f3421374885a0561dc4dd4eb961f643695cbf0947cc64b8529ebbcbfba338b556e796d056453930761640aa85695add110d0dab

Download Submit
/data/user/0/com.personal.pdf/cache/WebView/Default/HTTP Cache/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.personal.pdf/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
77793bf0040ad2c551ff74cd52687350

SHA1
93527e0456e76653fbcb7c35028ec837a7260b84

SHA256
ddf40ce28a0727ed2ba78eddbc2fe718a9e3e6b31b7092e883dd7d97c81e28d2

SHA512
abb9bfd4e3e7a1c4fbf67f9bad9b380ff7b42011251a81b2a7e34a4e27352f84b9f5cbd64aa5b18341a74b82e375941235476230dca1a68766697926312ddd6b

Download Submit
/data/user/0/com.personal.pdf/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.personal.pdf/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

Filesize
96B

MD5
d3d02a976b408b003f3d92f0874cc87f

SHA1
3050c9d8f80523d8fd3c90baf7c7ee28edcafb17

SHA256
5539e31fa90a5af1a3661b635b1c4e9f865e7287055daedfcba8fcbb87800e5f

SHA512
fbe2c9e798b351ba09787b39656e07acd09fa014afed79c57efff7d02f088ec6d56949759173250b22151bd45fb25571e08c440b5bb3d83f1a1853770d646eb5

Download Submit
/data/user/0/com.personal.pdf/cache/WebView/Default/HTTP Cache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.personal.pdf/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
144B

MD5
7f529d02d767d7f762e99df061bcb20a

SHA1
6e012dc015c37baab2a62cd6620f6865853e54bf

SHA256
9407c359a5f1ece9d0fd98fb34bf1830ecffec31e15ef648efee06a6f8205edc

SHA512
71a74b6ea63f2c458b4bb157bfe4fde4b406419f141ad3cb9ed2ed81d2de72c6f7fe5f03a536837ed2f1e6057838a2009588cf081e84415970a13d346eb4b49c

Download Submit
/data/user/0/com.personal.pdf/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
96B

MD5
c4ffa366c8a30bb416678bd256f62b4c

SHA1
13019f4584ca1fa011f52c912f1e9988015f55dd

SHA256
339e3d647bf8765cfe30c38ae410eec898972d6ad767629dba12671292662775

SHA512
491f0a382ef85a7c07ff5940ec37b5fd0f748afb5ad75898b9c679a1bfefd1482479c2853d2958fb3d95349b9d1ab5287ad169d44fece5a08617426f90a040d2

Download Submit
/data/user/0/com.personal.pdf/cache/WebView/font_unique_name_table.pb

Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.personal.pdf/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit