Analysis
-
max time kernel
179s -
max time network
188s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
-
submitted
09-08-2024 07:15
General
-
Target
HACKING+SERVICS.apk
-
Size
4.3MB
-
MD5
4d672905d243501d6903202bb7d8a5b2
-
SHA1
59785a69de9ad9ac694fbf448aba8c7a0d37e61f
-
SHA256
9f69dd4e449a43b6009b716c67c6ef8cd75a57a2d5d1ef02b1004dcde5843bdd
-
SHA512
30989916494f0ce2ea47b6f737d5fb4ea883b1eb9e17163934ad4f92e39c1cdaaf3adfc31d6a9d45f96ad6129b2752709916f451b692096732ad4194e5656f72
-
SSDEEP
98304:FhE/s8cG25/IwoLxSAMP0+DOIZsjoltLvOr1F35EoorG7Y:FJSwoLxZ+SIZs88iR
Malware Config
Extracted
anubis
https://google.com
Signatures
-
Anubis banker
Android banker that uses overlays.
-
Removes its main activity from the application launcher 1 TTPs 2 IoCs
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
-
Reads the content of the calendar entry data. 1 TTPs 1 IoCs
-
Reads the content of the call log. 1 TTPs 1 IoCs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
com.tencent.mm1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Input Injection
1Discovery
Location Tracking
1Software Discovery
1Security Software Discovery
1System Network Configuration Discovery
3System Network Connections Discovery
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7.8MB
MD5f72275baa11d6d97268f090488b52b13
SHA10886cd7e7d6c612e9512276ee868779322e123b9
SHA256cfb1c709b22f50da8340f6267cff722da29f77bb88316df0360c0209b1e78eaa
SHA512bbc73c9a9dc8b6c6e72ae1e7981ac9bfefd68f6342e5c1586f62ce92a8126d7f0cfa3aa5fcf905e1dddcd8c16dedcdd3b2a6df28e01b973d652418a1be69cf47
-
Filesize
32KB
MD51854505a3f6d683ed7eb81612934370c
SHA14f710add9a652d2fb92b7ce45589e27bf03f0b2a
SHA2568100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4
SHA512104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962
-
Filesize
512B
MD59f1698a5f35a184cda92f6bf27ef66f2
SHA1bba81dfb68e80361a9765e3b645076ab6a281700
SHA256c775ba39e250117939008e5179a12c1e4eedb51956afd0a80de53d4acc74ccbd
SHA512fcd3640651bbf664c19d5f66bf8c2efe19f8b5f2137bb449c209182c24195d42793e6fb7de8220fe86ce1c1d143caa19755b5996fb6a16179050569f085fd737
-
Filesize
8KB
MD5dc51843474d4fff4744c199433a3cafe
SHA1f1863e3474ba3d5a11a83f450fe73c0fefa5d6c3
SHA256f43b4402d642e265e566f130d6274c8fa77c3de7d829f72650fb419b78827c62
SHA512f4bcaffc8904cf79e320c3b20b6c17c0f05afd0fea7c07cbe817f41ecb017f0ceac8002b45808c65081bd7fe0c1bff63380ae717bb15a489d573f4941e4bb426
-
Filesize
8KB
MD52061aa2a68af44e5cc389e30a27f765d
SHA106ed3a1a3f2d39815bc420372a4bfba22b0d0b38
SHA25668672f9a97c27b6a21fdd4d62f2a8ac1e01440bec115a4ce6b44d1500c31d25c
SHA512712a115abfb4c6d0e856b0fd65bfd0d36efdcaf6171dcc8baac7b949570fa9562e90a2e1eab8966b6ee0dee1cf187310a91f85265622b64df8093b2ff677ac8a
-
Filesize
8KB
MD55fa5ca11de952df16a578ec7640975a0
SHA17662d2c722d49eb8d00c46f09a5fa23c3da96e0a
SHA25645b0397d8be9f46e91f25693c0b74a6f3de5a9d3fa921faddee3bdad914ba5ff
SHA5129351dde5a811c66413624657fab8455ce0e8f9be81ded4037c1318c35c3faded734cd7b2865f8e2c7f7bbff776fa443b097dc5546324abe5340edd193539d85e
-
Filesize
8KB
MD57da0213ba5cb09336cf5c46b51a56168
SHA1b23b202032b75f1e844b698bd33dbdb91d8c5d26
SHA25627dc679d707cd997421716d9979e9b3e0f7f1dabbb7ddc5045068698fbab5c25
SHA5121363d260f721d6581054f601a53fbecfc53d65522576e2ad56d50e3d1d4b24eb3a5ba6e1dc55af1c17a92e384ce45a6544e9faef7dd0ab0775000b718948a2d9
-
Filesize
16KB
MD5c3c4c3f92ea4acc725fef26892563626
SHA113bf2e586856e2e623e928106e42ded1a0ee89dd
SHA25607115bf7267b968b0bf8c7793f8882181f5074f8b00744b8d0d456f575e8bb32
SHA51224c43d46d481ac537bcf404e1f3abebbafd9ad20f7336ca4cdcea8ab946ffa268d9809de3c6f1f3c444bfcbefb5b9569be9174c9138c1cf5fc0b298999efb4f9
-
Filesize
8KB
MD5eed307422d82f2cf4185529fc0f991a5
SHA15ee8553c51601a44a9634b69c2f33cacd1a32afa
SHA256c111684bd2f6216393ceabe120bdddd4db38b5892edc36169ba094689d3859b6
SHA512d4d77aee560f44d68d08ecbc529339dc91d7398d2121b91901b1ef85a1a904a72f6eb9802e695aeb1fe729312d16c3379c187d2a6e54e64513f4bf6eae5fff1f
-
Filesize
8KB
MD51cc29bd3395d1318c059693d8bb04b2d
SHA1aae15d4ab56bd0a2c113288eded9c2c6846dfb5e
SHA25616d873e5d94bab29ae5be818f2a5f22445900574b026a33a564ec61a842222f3
SHA5126fc9cece1715d6320f87298374ab7918adb45347dae299f7f3cf8aba190bb669ee750f8b6dba4ee39086eb611ca6be2d8f5d1f4bfb5e0088b730ca98a528432c
-
Filesize
512B
MD523cc59e50e6e0c00ab1bd8ad15f0df32
SHA14234ba03b7fb000d849be0b008de4e13c13ac07b
SHA256a963d7318086df0c10d5dc377fbdc4d3269cef0ab69221aba5d484f45d9908ba
SHA51232f0475b38650990786992d472038058a1f24e10e6a64c6d3926f22a32c409e82fc7058b4d0008040a81903ff6da6358079b50fa1c483395efd3908c30a5c9e2
-
Filesize
8KB
MD5fa9e251ba559b32cd6e944ed91fb09f7
SHA1eef967819d25a24c195aeb605c211043c6bf41fd
SHA25646bda4dc81e4ec0fc747796d21a444d28157420df2bc22d3e3da098333776c46
SHA5120e39e2a87ef28b31c498617ed0570332b7a4499d827df5f30ea56ca4a2022aa85a962acbb10a55e06349e79179e19584ffd71cfbc228f44528018883be890ef7
-
Filesize
8KB
MD552a36813c39c5d153c53f87cdd670a18
SHA127a399adcb8844a9dc18ebd7e1a1b50bf26e3c9c
SHA256edf6f38fac5b34ec71694d5ebabc78edb3f9b97c086c0541454aad0b6822ac4b
SHA5121366017a4799e192d95f8fc4d9f05b14ee01f3ab343e87f22f783f359f9d10988827994054165ab57707d8bc63db600b42ca5133d84484d69a200d132f3b81db
-
Filesize
8KB
MD52c55c5487436e4a4aad1eba75b7bed66
SHA1359d1607ce78d263e1fb35ca2a1eff83f82b8524
SHA256c9dcf9fb2d3c92e3693434508953b5550871374ddc0069cd04bc88b5aa0d5ee7
SHA512cd7aa3c8baf7630d27ba5866f6e911561e997625a24dcf790f97477578c4ced92f777e200a586c2aa16ea0d3832c62da4559546753e12cbc226c18c82ff04318
-
Filesize
3B
MD558e0494c51d30eb3494f7c9198986bb9
SHA1cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d
SHA25637517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570
SHA512b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4
-
Filesize
108B
MD513d4f1e5b9a40c4362464ede3050d1d9
SHA13ba78ba96fd3bdfd3af95b452387d10588d66776
SHA256d6db96b64c6d0ec4c0208613c76e273a9a3d3ed43d701793172a2222208ce96d
SHA512c82f638a1337fd3698ccf7f2940d66488e282465ce01b5ea6997357c1c16324acfd3f9cc4ca87c3ee4f23308a17683b372bf31399b3bd0652d5dc84b400da86b
-
Filesize
108B
MD5045c5e8c2659dd3e22b5cf381ace16c3
SHA1d081f277ab1c1cfcd563ab90e88de2ccd364f6f7
SHA2566094974590afd70754c55b6fd299e16e234d4fc73533fb8f6c14c74d4a576865
SHA5121129b0e954665fd0659b47d224ff0ca5192e348a06aba19d64613b0c771b9e6067642586b10539bc76dbf178aae342d7ebbc64a95c2fbc026d22afde3ee8ccca
-
Filesize
114B
MD5585b3d0e1734fc669d26ae403904d974
SHA1f4813d7dc824c0dc30ad96d143b34e3e9744b7af
SHA256c92830308eae2c98262d7f1e642d9708b490d325506a52de65431ec84e4b5876
SHA512f38e4f07674a39d45b711077202c84f00804b4016255d2790e2c1874ebfac781e9635ce666f030d5dbb7de491692d9bf82020a6e5aa5662cb225f22f95adc0c0
-
Filesize
108B
MD5ebc33ce6d5a357f82facd92bde97acae
SHA13cc6513bf7d674751bc4bde18f14d1f25f6ee7b4
SHA2569ca4212c98af02c227c4d9d633df53f4ac5c555cae64a499b90e06d27b99bcc3
SHA512896a696fba0a244eb65ad22876ed39338feb0a475247a26a404903e2b413c027f6b6b4980801d48961cb0ec3b0698628a1af583ac4bd01c1ffe93e5ccf795564
-
Filesize
114B
MD52890fcf2420a44beb09a879a98ccb8d2
SHA16a7d970dc7a672bf75fb0d82cb48c20286d9ac44
SHA256aeb378dad7df5e608db604fbf7ee69428408a00a9761fd72b4ff91b1126c66a8
SHA5127db807461b5555a093593105326826546510edba7dce946449be02ae71867f9b70e93986a4ed9609535b95fc86d5c13eff472f216173a012e3fcb65487a68d6d
-
Filesize
114B
MD5bb27348c7f70d9bd65c39aab708a173b
SHA1df23dc0e5789d0b1a59d4492921d1cbb54364f5a
SHA256d3697422e523beb50c4ebd4d7bbba3524465380fc5741c0159d7b5f2a6e071f3
SHA5126fbc70eaddf0109f055ce20610f9454d4b299780fd2c6bd012d084d52ec88b9b7be1e444fac235cf041abbd1c83e6ff5f2eb4ebe19fd5de511d81e9778384eee
-
Filesize
566B
MD5bdf5dbe2b21a0839ba87ebb1a76ee122
SHA12894816207643a7c2a25f64c8f79d5cb97437462
SHA25693f3c755a4794b1de89ba1353a7faf7b8bce64d45c6d35c22933bd01287dc71e
SHA5120cfa1a41f3f401702df66fcb72c04de246bff091e3ddd651c38dd5a4afeac5f8bf5d5b0786a4241df07e153a803b8c1133e84a876de01025009e0baf1fa552a4
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
854B
MD57d0ec2416de1f16683fb9ecb1f8d475b
SHA11b7120ada826a77ad2cca2ea076bc2b92c9e9ba3
SHA2562b8fcbffcaa418c048357de5dd3d13267a8dd3853cd6477d9a4fa00a89430262
SHA51273079fec8badb1de87d2f323d666fd57c463b686dc63e083f88aa7b91b2d23a589e6523dabfc02fe17f0551becc876e96a37414fe14430f15c786067d4b30c33
-
Filesize
854B
MD5a2bf9892ee00035ecbe64a2ab80bacce
SHA1db541c794f26cd8b086d37edc99c8f3eda338fb2
SHA25608cefb64405d8e8c2b88275f5df0ceab19c459c51e43a2d3d88a144f5a99a930
SHA51211877b828cc858b1ce1f9ea0c4a14a0c1c777970d15795acf636a240a02e6adcdbb9a01964d398682fbb3e0d174c257791a01b09f320d870a96a7452641de244
-
Filesize
10KB
MD5df036b93426f886d1696210079b94938
SHA1b593b3806d3d85257511959992013f6a4f543011
SHA2566d9bb455edd9154e310a777aad0dde552ff995134e2321933a0365f9112c3912
SHA5120d7eb6c0e5378a362a4bbebbc09f291080975c8ece8473d28c9cc9ec5b4a138f2fe19b09bc5d44cf17ec66a4f59dadb1de59ac8286cdc10a461e46491da01e29
-
Filesize
12B
MD5e48057c3603c907cacbe1568a7dbfc41
SHA16e100086b53e20e499a9be069aa1b452faf82ba3
SHA2564b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e
SHA512787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a
-
Filesize
56B
MD55875f4fe2a4b68e19f5f6e071fd6fc6b
SHA1fe1a887f8ef6066bc30970ee9c48e0846865b9b1
SHA2564d36c3e00ee88cecd60d502af8fe1caf72cd0ca0cac7b4c61e88c78439c66377
SHA512eaec72ffcfe83f33b0522bcba628c25495711812c940c8dc97b8a1b2f406478acfd1d0dd67ec6ad46511350a48816e1a7362e535e75d946c836c0e97f87bc19f
-
Filesize
12B
MD5a9256f55737b655c8cff95418411997c
SHA1d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
SHA256bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
SHA51210d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574