Analysis

  • max time kernel: 2812120s
  • max time network: 152s
  • platform: android_x86
  • resource: android-x86-arm-20220823-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20220823-en, locale:en-us, os:android-9-x86, system
  • submitted: 05-10-2022 10:05

General

  • Target: d4212439e709b6d3f363fecea26e71a6496011a776986698fe34e05bd3766ac4.apk
  • Size: 1.8MB
  • MD5: 8a4949f3337a806c6d2a3beba9bca511
  • SHA1: 4573e7cfa528c64de796210e1b69fca8b8cf87ea
  • SHA256: d4212439e709b6d3f363fecea26e71a6496011a776986698fe34e05bd3766ac4
  • SHA512: 0ef304ee269af8ce2ef385dad9898eb59b5ee72421137205629e6f93e0cf7c2a46d86e586cb8d08d2ca0afe8eb11ed2219a9f514a6e438087d183ab005dd156f
  • SSDEEP: 49152:nAqcnH9bZjBkmOgN++OfDOAW2uibbPfgwgGKz+nvd:n8dbHkbt7OAW2bTgfCn1

Malware Config

Signatures

  • Anubis banker

    Android banker that uses overlays.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). 1 IoCs
  • Requests cell location. 1 IoCs

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock. 1 IoCs
  • Reads information about phone network operator.

Processes

  • com.tencent.mm (PID: 4072)
    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
    • Requests cell location
    • Acquires the wake lock.

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.tencent.mm/databases/Dname
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize: 524B
    MD5: 7111a8ed02db69836e342a7be2353547
    SHA1: 6677092b61d9ea452794bcb41dc02a7663e955a1
    SHA256: f03916a6b65256e61b5e90a091c49d2693fc7af5e4216c9e8dd390e5c4ae4504
    SHA512: c90a4d60d91c89f227587e48828f6d80dbabcb32765021ed2012e5f5de67cf753771fa63284546049b657088c7ec518cd3e62c82f0999a885456bd6f0044372c

  • /data/user/0/com.tencent.mm/databases/Dname-shm
    Filesize: 8B
    MD5: 7dea362b3fac8e00956a4952a3d4f474
    SHA1: 05fe405753166f125559e7c9ac558654f107c7e9
    SHA256: af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
    SHA512: 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

  • /data/user/0/com.tencent.mm/databases/Dname-wal
    Filesize: 60KB
    MD5: 4077c5058ed4cb9e4a7ec3abd40ed915
    SHA1: 35b43e67272bcddf64e279fdce33e0738872c8c8
    SHA256: db2ab6409b22f29517c3442c0e725c52f9d421aed2e4fe5200b0778749847951
    SHA512: f4bef6de3ad25ce75970a3f3be31c80267146a8a8c0a92c5bc957757a8899412b93b8a6f4a20d8fddbbfc6160ce01b0515ba805083ef93649382206177dc051b

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize: 524B
    MD5: c8af7f776af76868a3d07f7bce4e2439
    SHA1: c0d1c645382918e2594798f5cbdf20b720308434
    SHA256: 1f825078c008da9433c7b47a5b2603509dad8c3f255e5a2d3acdffc25d481ebe
    SHA512: 2df4e61081843f59a86ee64a27be9388f3296ca736c14f3ad335b028bd6bae0eb0d0fd28e5536e61e7f0875e5c66be80e8352f8f98be036a263416e121111379

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-shm
    Filesize: 8B
    MD5: 7dea362b3fac8e00956a4952a3d4f474
    SHA1: 05fe405753166f125559e7c9ac558654f107c7e9
    SHA256: af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
    SHA512: 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-wal
    Filesize: 116KB
    MD5: b3584d7aef3f2037e5fe89b5ab6a20e8
    SHA1: acd2e14959c59164e3122c21dff23fc895d98a8c
    SHA256: 312352e7f4204c8487f1c99e952a16e0bd60012e6b25ea4f3dff59ac6b74eb0e
    SHA512: c0c7c41e59252f0d62239aca930ff56fe2164269e40922e11c86a29c630ca7194178ab25d87199cfc930b6a35f3d36519099d690253e7c27f4d708cac3ad6755

  • /data/user/0/com.tencent.mm/files/CallLogs.txt
    Filesize: 3B
    MD5: 58e0494c51d30eb3494f7c9198986bb9
    SHA1: cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d
    SHA256: 37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570
    SHA512: b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize: 126B
    MD5: 845a7bfd76a2eef79e8693a4abd33ef7
    SHA1: c19428aa5978df5a70cda07515d85c48bcf04d3d
    SHA256: b6dbf22f60ffe55f4b644d3f7e63f85116c721b48acc6955d57d53f607db5952
    SHA512: aa1674d09db3905f088873255e2fe32f62ea8007ed01cfe5f7645f4db032e150f75cba36ab7caa318efb9627508ddc516b01470931314271fce5121b8c27a103

  • /data/user/0/com.tencent.mm/files/Tree.txt
    Filesize: 193B
    MD5: 1a1339adb82ba959adccd680c5a323ee
    SHA1: d2fd19ce36d31dd56abe5ada21d3654f413662a8
    SHA256: b50a22dbebcfca6fb8138bb02abb635a62eb37aceef0fc6cc9a1772e20c775b1
    SHA512: ae1d29404a267b5b8305d17ac816a934c40be8ef021c161b323ed2cb364976cba8c985b08a0c8896787691d97d39a0479ecc75ae5163457696d384f4a08cff73

  • /data/user/0/com.tencent.mm/files/accounts.txt
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize: 609B
    MD5: 8f2ca07b3ce9e6a7b45d49f7b3b64847
    SHA1: ae4e08e1ad4fcc6c967900f64b7ede93909ec5d6
    SHA256: 439470ffee13672b7946850953e90ff0a44ebae0d4b903af743578bf3e30c98a
    SHA512: b6d0e1cf1bd9fa8aae6e012f43c54917eba49803dcccbb34c1552a6f937df216eca80c53e76291b178c7727a0eca28e43a7100899dfd601c6d9924cd0b0aef53

  • /data/user/0/com.tencent.mm/files/pkinfo.txt
    Filesize: 5KB
    MD5: 9857c0caa99fde5d0bf47c0ee0fd821b
    SHA1: ef4629899e6ebbdbaf45ca4885f5b960da25538f
    SHA256: d68311a5561ada62ee327cda3a9b29c41ed0d7bc16586f9af6d5595a96d497a8
    SHA512: 312c11c7b41384fd5a7ef466f06813c09f6c661ade0ed4ffe6e8e88969f2ba31257a90333b13ce8d4b2ab0692318b638f06aecfea11aeb2df3739580e635a148

  • /data/user/0/com.tencent.mm/shared_prefs/evernote_jobs.xml
    Filesize: 117B
    MD5: 352a7c77ff41d272f8133cc21efd3326
    SHA1: 1581756f68cf9267fc211b5956ac08e5a7a9bbb8
    SHA256: 763b69f43786a749445d4f59b9a0a799161f27b5bd7f2bf3288487cb1b909adf
    SHA512: 6397c97a1cbd53c9d386aa3a78d73ec89b4ebafd1e07c089533d299b7d78fc430ca9d530cb99aab92a115d3f77877db90beef08a6d78370e51d9987ec8c3cd07