Analysis

  • max time kernel
    1919363s
  • max time network
    143s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
  • submitted
    21-02-2023 06:14

General

  • Target

    NitroGenTEST.apk

  • Size

    1.5MB

  • MD5

    3dcb7c99fef464a0259b1a5cf2b2f326

  • SHA1

    1e24066aea035bf683e14dab7c1fd13e2dc09e1d

  • SHA256

    b5ac7c99b6b02768944cd2e7b5408e28fdb14240ed2b5842a73ba02a61756eef

  • SHA512

    838829a43ebc40487a206f75f56a85b65cdb01b3d8cef767182425a590faf79e6b79601e1530ffe34378e1223c9a06184f53d52ba53471fafd79d760a209febf

  • SSDEEP

    24576:nN7XrPybNxjPhnVQXHoGy1CQmKhAtK8lK/kF8QYnp703kkCCL4HgLn2hj:hLCfJnVCHt0Ckhq2sFxYnSk/CL/n25

Malware Config

Signatures

  • Anubis banker

    Android banker that uses overlays.

  • Makes use of the framework's Accessibility service. 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
  • Acquires the wake lock. 1 IoCs
  • Requests enabling of the accessibility settings. 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

Processes

  • sampop.sampo.samp
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Acquires the wake lock.
    • Requests enabling of the accessibility settings.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:3981

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads