Analysis
max time kernel: 3630124s
max time network: 71s
platform: android_x64
resource: android-x64-20230831-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20230831-en, locale:en-us, os:android-10-x64, system
submitted: 27-09-2023 20:39
Behavioral task: behavioral1
Sample: anubis.apk
Resource: android-x86-arm-20230831-en
Behavioral task: behavioral2
Sample: anubis.apk
Resource: android-x64-20230831-en
General
Target: anubis.apk
Size: 213KB
MD5: ba7b1ba0830e11da60dec1c90632515d
SHA1: b0a38160d78f9d0799c646d9f21ab65afb917202
SHA256: 8cb941658ed8340b67a38a47162ab8850b89a14eee2899f0761fadd4f648fd5e
SHA512: b53be16ce325c094dd6c1188605b8abc1fbb7c085a4cacd9f9649d9fd4143e70ae9c49a718747f46860e0c3899704a8bd379c104107ad565fa6df980ba00d420
SSDEEP: 3072:daC6U6a1PPE/387RpOnzy3fmhbGluwXK6boURb0gqJo0DK0z5StS:sB9a1PgMOnzhxGlZjb0n9DK00I
Malware Config
Signatures
Makes use of the framework's Accessibility service. 2 IoCs
Processes: wocwvy.czyxoxmbauu.slsa
description | ioc | process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | wocwvy.czyxoxmbauu.slsa
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | wocwvy.czyxoxmbauu.slsa

Processes: wocwvy.czyxoxmbauu.slsa
pid | process
4950 | wocwvy.czyxoxmbauu.slsa

Acquires the wake lock. 1 IoCs
Processes: wocwvy.czyxoxmbauu.slsa
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | wocwvy.czyxoxmbauu.slsa

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
Processes: wocwvy.czyxoxmbauu.slsa
ioc | pid | process
/apex/com.android.conscrypt/javalib/conscrypt.jar | 4950 | wocwvy.czyxoxmbauu.slsa

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
Processes: wocwvy.czyxoxmbauu.slsa
description | ioc | process
Framework API call | android.hardware.SensorManager.registerListener | wocwvy.czyxoxmbauu.slsa
Downloads
Filesize: 421KB
MD5: 8345c73b46814e1384ff8462248b23af
SHA1: 4d9a4db4c7cf0a19d041d9191cef90df5d186aad
SHA256: 32fbfe031ecde2df1f5427303b61eb84492d3edf22d6a133b002a00bba7c1439
SHA512: 5895dbad205eb6a72516745f18d1ad49cdfde4eaa197df752447e488fe976f91eba305499bd8b6abc5c9746b90f377b669a583104b20d5d8bc33fd5bf0b23d74