General
-
Target
5a5dc0af9f9312675e6274234a2b9e63b84230b6f0038a18fd236b48ef1fb63a.bin
-
Size
4.3MB
-
Sample
240806-12razsscnk
-
MD5
3a5fe8094209f0245c108b22bdc355c7
-
SHA1
5f173c587bf3b9dc31718237e0b20a653bc605a7
-
SHA256
5a5dc0af9f9312675e6274234a2b9e63b84230b6f0038a18fd236b48ef1fb63a
-
SHA512
9d8c75f3ae44dd9c2f321114285aa9691aca237a71a43aa5c02ae7e1f0caaf2b9b9f7c592042e1b8e61b40b1fcabf9ec4ac354fc97a8e75b399a8a0bc43af86d
-
SSDEEP
98304:J1EXdbqc96480w72bD2mrUxDELEz9lR9FLNBRhfrG7J:J8+261f9SUxcEt9FLNBz+
Static task
static1
Behavioral task
behavioral1
Sample
5a5dc0af9f9312675e6274234a2b9e63b84230b6f0038a18fd236b48ef1fb63a.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
5a5dc0af9f9312675e6274234a2b9e63b84230b6f0038a18fd236b48ef1fb63a.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
5a5dc0af9f9312675e6274234a2b9e63b84230b6f0038a18fd236b48ef1fb63a.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
anubis
https://google.com
Targets
-
-
Target
5a5dc0af9f9312675e6274234a2b9e63b84230b6f0038a18fd236b48ef1fb63a.bin
-
Size
4.3MB
-
MD5
3a5fe8094209f0245c108b22bdc355c7
-
SHA1
5f173c587bf3b9dc31718237e0b20a653bc605a7
-
SHA256
5a5dc0af9f9312675e6274234a2b9e63b84230b6f0038a18fd236b48ef1fb63a
-
SHA512
9d8c75f3ae44dd9c2f321114285aa9691aca237a71a43aa5c02ae7e1f0caaf2b9b9f7c592042e1b8e61b40b1fcabf9ec4ac354fc97a8e75b399a8a0bc43af86d
-
SSDEEP
98304:J1EXdbqc96480w72bD2mrUxDELEz9lR9FLNBRhfrG7J:J8+261f9SUxcEt9FLNBz+
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the contacts stored on the device.
-
Reads the content of the calendar entry data.
-
Reads the content of the call log.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Listens for changes in the sensor environment (might be used to detect emulation)
-