Analysis

  • max time kernel
    1919180s
  • max time network
    144s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
  • submitted
    21-02-2023 06:11

General

  • Target

    NitroGen(slow).apk

  • Size

    1.5MB

  • MD5

    c3a0d50701c5ca687b20b30476251c60

  • SHA1

    18f3f51006fa5ad7e52ea131e4e2349a33de4c1a

  • SHA256

    76a5004c64a23e9b068de2e80451d2c2032d72433bf2fd7330dff931aed4b886

  • SHA512

    7b9239d25578084a64ca89bf4737b7e48360091033a8add2ef1d554df6c7f7d2862be0c6add966c9a2f061c118a29df490e00a36881de381f8023e56e3a2dab1

  • SSDEEP

    24576:8tTBy9cBplEJGVQXHoGy1CQmKhAtK8lK/kF8QYnp703kkCCL4HgLn2R:YMK56GVCHt0Ckhq2sFxYnSk/CL/n2R

Malware Config

Signatures

  • Anubis banker

    Android banker that uses overlays.

  • Makes use of the framework's Accessibility service. 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
  • Acquires the wake lock. 1 IoCs
  • Requests enabling of the accessibility settings. 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

Processes

  • sampop.sampo.samp
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Acquires the wake lock.
    • Requests enabling of the accessibility settings.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:3982

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads