Analysis

  • max time kernel
    2812126s
  • max time network
    163s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220823-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20220823-en, locale:en-us, os:android-11-x64, system
  • submitted
    05-10-2022 10:05

General

  • Target: d4212439e709b6d3f363fecea26e71a6496011a776986698fe34e05bd3766ac4.apk
  • Size: 1.8MB
  • MD5: 8a4949f3337a806c6d2a3beba9bca511
  • SHA1: 4573e7cfa528c64de796210e1b69fca8b8cf87ea
  • SHA256: d4212439e709b6d3f363fecea26e71a6496011a776986698fe34e05bd3766ac4
  • SHA512: 0ef304ee269af8ce2ef385dad9898eb59b5ee72421137205629e6f93e0cf7c2a46d86e586cb8d08d2ca0afe8eb11ed2219a9f514a6e438087d183ab005dd156f
  • SSDEEP: 49152:nAqcnH9bZjBkmOgN++OfDOAW2uibbPfgwgGKz+nvd:n8dbHkbt7OAW2bTgfCn1

Malware Config

Signatures

  • Anubis banker

    Android banker that uses overlays.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
  • Requests cell location. 1 IoCs

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock. 1 IoCs
  • Reads information about phone network operator.

Processes

  • com.tencent.mm (PID: 4250)
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Requests cell location
    • Acquires the wake lock.

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.tencent.mm/databases/Dname
    Filesize: 128KB
    MD5: 0cec3bfb97074676594d4ec7d3729209
    SHA1: 2a4d174f02728cfd352f043497a12ead76970362
    SHA256: 6f5adcf5267e62f9b5f4202f27b755ce9cf6b2fecae79317f10d022b2f829971
    SHA512: f861128ea9ab1ba2606b99b550061071b7b5ccc23b5ae7a098beeb56a5769b4d969b7259a38507d77e7d5a78e6f9c95d1e3ba9d62378bd1cf79c04ae110516c5

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize: 1KB
    MD5: 06a4302811b7a614b29183566ac18e4f
    SHA1: 007d0c5f2fdcbc511870dfcaf0bbdb6dc41daf69
    SHA256: 24af770ed570cf8c5a27a07951b1cd4aa4ed17e39d43bb6b157d6c9f7efc6e2d
    SHA512: 98608d7fff9312d66b9702752ec52efdd32dfcc35cf9ec2a4a702e2d29d25b896bc406cddaeea9212333316e4eadcc0eb15f53b30fdd55325d6e6e18ea7d7700

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db
    Filesize: 416KB
    MD5: 4ff81873173fa2a6d8495cbdbda00413
    SHA1: 42d68f003c2bb3074471c5ac182f4e5433549dea
    SHA256: 1bbfa15ebd235bcf5f7a78663852a680ebd36c3462069dc20f4b55ea8fa9298d
    SHA512: eb57a8439ba8a7ae7d2032f794d73bd1b3c76537b4d5c9403352559b715289b4194c2d6ab60fc68d91a16795d786bb258f02d96f8dd4e12dc3f7368616190d38

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize: 1KB
    MD5: de08f5c2c2d38686ebb8ef62ebe98360
    SHA1: fe77e8698f2f198ae4abf12917fac2d2d7c2b345
    SHA256: fb099fed909c788ed21618545ce4032a4b6c394fe14beb6f9375434e155ec308
    SHA512: 978f1297f0b1872b3053f65105a5b468e87415fc49630af3a8282b048fa810d5c2eec3d5699f3b18acfd447df6fbcc31e2912a6b9057549f21ef68f22cc87558

  • /data/user/0/com.tencent.mm/files/CallLogs.txt
    Filesize: 3B
    MD5: 58e0494c51d30eb3494f7c9198986bb9
    SHA1: cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d
    SHA256: 37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570
    SHA512: b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize: 114B
    MD5: 6969ba0c46a7b17f47440c9666b4ca7b
    SHA1: e84e214426341370904c4a2d8380a2ca658f85d3
    SHA256: 397c9c2bf81089fb1c9b29e9a6f6b227507d647d28a08ecda3d48e25fd59333e
    SHA512: 5e2cd4ae498e9ee2b260225dd1529ded718014a761e9121ed01943b61fd275d6716eabc9c49580c137330be3e1f9164978216156c9b388ba1c22a949b97e53ae

  • /data/user/0/com.tencent.mm/files/Tree.txt
    Filesize: 477B
    MD5: aebcf5debe6c1dbde0bc72de0bc42935
    SHA1: 91b5362246793c2639ff105fe971ad63ef3acc53
    SHA256: b7ce9eef7c171b6332a23a6d97f12dcb27849048bc8138f55532b811b92d00aa
    SHA512: e678a23a258f0f0a10afc0ee9f312cdbb9baf1de0827332646dc0089fafd556bb8a103968175b1e54b984f1b99d619debff6a124e770f35972d876d5aa6e349d

  • /data/user/0/com.tencent.mm/files/accounts.txt
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize: 854B
    MD5: cf8c7cdb52dbd471d904fc7b277a23e1
    SHA1: cb79c4b8605aec19319ce3c69364e1b31b50b977
    SHA256: e1b932e1d268209bbc0886c29ed69a2d546fc685d8cbf00b339394a0310c315f
    SHA512: 50b293591d32721ac29219463d464bb2867d35749ab949290cf01c3fe74bba65ddd4c87c3958d893926dd22a03565f99dacb9acb20975e41235cb6766f078c71

  • /data/user/0/com.tencent.mm/files/pkinfo.txt
    Filesize: 10KB
    MD5: b593d0594fc2e98f60b0288475ba950b
    SHA1: 1c10ef393a2666d7640ca45e663321019a5675fb
    SHA256: 49e287b4855336cc22b24d4f912538f43d226ddca9b322d769fb3ef0306d9411
    SHA512: 7ba2ceeddfbc8efee39b6a5d9f81001cca3e07d6d6311ae16e0eff38fd395567fa3236aa7f7b59def32a5a7ed27d24cd852b3936d32bd05b467dbd1ed8dcd40b

  • /data/user/0/com.tencent.mm/shared_prefs/evernote_jobs.xml
    Filesize: 117B
    MD5: 352a7c77ff41d272f8133cc21efd3326
    SHA1: 1581756f68cf9267fc211b5956ac08e5a7a9bbb8
    SHA256: 763b69f43786a749445d4f59b9a0a799161f27b5bd7f2bf3288487cb1b909adf
    SHA512: 6397c97a1cbd53c9d386aa3a78d73ec89b4ebafd1e07c089533d299b7d78fc430ca9d530cb99aab92a115d3f77877db90beef08a6d78370e51d9987ec8c3cd07