Analysis
-
max time kernel
179s -
max time network
188s -
platform
android_x64 -
resource
android-33-x64-arm64-20240624-en -
resource tags
-
submitted
09-08-2024 07:15
General
-
Target
HACKING+SERVICS.apk
-
Size
4.3MB
-
MD5
4d672905d243501d6903202bb7d8a5b2
-
SHA1
59785a69de9ad9ac694fbf448aba8c7a0d37e61f
-
SHA256
9f69dd4e449a43b6009b716c67c6ef8cd75a57a2d5d1ef02b1004dcde5843bdd
-
SHA512
30989916494f0ce2ea47b6f737d5fb4ea883b1eb9e17163934ad4f92e39c1cdaaf3adfc31d6a9d45f96ad6129b2752709916f451b692096732ad4194e5656f72
-
SSDEEP
98304:FhE/s8cG25/IwoLxSAMP0+DOIZsjoltLvOr1F35EoorG7Y:FJSwoLxZ+SIZs88iR
Malware Config
Extracted
anubis
https://google.com
Signatures
-
Anubis banker
Android banker that uses overlays.
-
Removes its main activity from the application launcher 1 TTPs 2 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
-
Reads the content of the calendar entry data. 1 TTPs 1 IoCs
-
Reads the content of the call log. 1 TTPs 1 IoCs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
com.tencent.mm1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Input Injection
1Discovery
Location Tracking
1Software Discovery
1Security Software Discovery
1System Network Configuration Discovery
3System Network Connections Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7.8MB
MD5f72275baa11d6d97268f090488b52b13
SHA10886cd7e7d6c612e9512276ee868779322e123b9
SHA256cfb1c709b22f50da8340f6267cff722da29f77bb88316df0360c0209b1e78eaa
SHA512bbc73c9a9dc8b6c6e72ae1e7981ac9bfefd68f6342e5c1586f62ce92a8126d7f0cfa3aa5fcf905e1dddcd8c16dedcdd3b2a6df28e01b973d652418a1be69cf47
-
Filesize
32KB
MD5b84ca221f49f56ff688fbd77b269875f
SHA12b99d98f4c58523b8c7adf4a2ebdac6a3bb3cde3
SHA2567325ead2e503bb80d341c1796f7dd0851b5089511958f09fcb16dd2af8fce31f
SHA51229860393d2a3a22706a41d286448d0eb10b7d70990f848b1bdbb6f359871dcb4503c4acf3363b8b5addf10ea0289a076085a81669e6ce97801214fd085001ec0
-
Filesize
512B
MD507420d963ba5b9ade7f26fa36efb47f3
SHA197a95a2eeeeae3ef406872684536228bfd774642
SHA25617dedec7bfe7ee8bd8e2cc1a256ab23135b777ac18efee252df5028054959cb5
SHA5123c353cb75c37ea4b13e6cdec64a517053c79d8afb9e27de048cdba05d95ef1d153ee7776251d688ca74b1da468d29dea598fcbd3733bccb8fa37c2d1cb09c5bd
-
Filesize
8KB
MD5fca780e7b098b016b80f8e3f16025312
SHA1031ad2c985d59a70d2622592a0f4e54014d970fa
SHA2565b078113e125ad5efa8affd0b0e98fd607fbf65084f725db1f5e51e39648cc08
SHA51216337bf8274a43b0c14058e262fa12b83600cc14d70b8a60f4cf487e58073fbd78a920681c7c8d05f1ed703a7929e5b9ce51c958f17b54a7825eb30cbef3e2d8
-
Filesize
8KB
MD555829c0a1faceaa4ed1d1228c4cfd374
SHA1b437ed8c0d61dc8cf57c8e8ff0a16390862c4d45
SHA256c1bc398708b0343e6442285db775d0b869e6b44089efb4ac2cf80f1cf75faa1f
SHA5123bbf804b8aa72afaa76af6afa12a94e937ef62e3324c8d06060dc8d2550effe1c10ecd7d588e907e06fc29aeaa26b88511e1601e1e35c8642b374de529fb51f1
-
Filesize
8KB
MD55e7a0c0000fc42103673dd18c73acf88
SHA1cff83486e6fdd3c7bca76e95b3d666096479be5c
SHA25686615c557adfc97b7fe78914a174f7501be5de8c5531c4f04902bce7093df566
SHA512cc39571a46c56cfe916aed8f48bab73a865c42444a553271fae51acd0f1f868929a33af5d3f879cc8ed67faad3abbbbd024ff08e067e99f00b99cad409a5dcb7
-
Filesize
8KB
MD5c633357a40b1d6bb771b7823c1863ef5
SHA136a95e132658cb7859d3a60126639d51061c2532
SHA256d4daa365ba47f818b329dd7db1123a3c1a856d441c4ed79230363d339aed5e2d
SHA5126a74a0ccf7ad2c3b8498d9f07cd631f8d2a47d611e67e6ecd94fda16ef703bff89b562f9fb3eb6273cab73a4bd08b875f29ffce1e8fd5166b05d6159e4f33703
-
Filesize
16KB
MD5283eeb4c1fdd5a136871a1093b2e9bb7
SHA140d2171007e8ab6a48337559a556707c413800b8
SHA2567dae804f1930479fd5bee4efbbd0a08fd5285a526e230045466a707dae4ca5fb
SHA51234ad7515f68bd2a13c38ab2c6a4b945ca3216d03c75e0da86d0dceb33de62e335f3598b8464e8206af91099125495e7feedafebd1ccac70a955dd7cb417e4445
-
Filesize
8KB
MD526c01ed28399732e2a6696a460c6ecc1
SHA1e6188669f897bf510750714efc432a35a4da5b4c
SHA2568cc9b6c92c8a780bffe159b1434c81500118744570f9e576c7e647b33a8d1600
SHA512b459bff4d8e8c35eb13b3e14dddbd8a2df29898d183a124c7bd3af08c920cfb68bc005d9353314d7bced0e44feedba9d90fbf90963b0185b9d554b543a75741e
-
Filesize
8KB
MD585692ab2e258cbd355cf0787b1929ccf
SHA151b584314665f7e12782cfd8b407d8d3bd10fc9f
SHA256370b34311c852aebe505205657e189ed797002c9a91ac53943364c09c7261866
SHA5127af5b238b8f23910b99afd5f8ce0c4475bd565e163dae6a1e8d246a3d57bb770126fd08c6f0ba55d3bfeef677f1e8a727763b3c69f8c04ffcdb277c37ccd43ea
-
Filesize
8KB
MD58479b2b4d5cc4fa4c6e416f75cd4c6c6
SHA1b62adeedab2899d97fd846cd65fe212f038f221a
SHA256725cbfcf6315c152b201be2306690293380f26a5aee8d8aa69b7dcffd8ebbaf8
SHA51263bedef059eafba705416c1b2579bbc62e9276bd5c6e87da095f950e0ee33f44de8a4c2d89710194d5988791b86001ba945566063ffc396159e5a05de9195dd6
-
Filesize
8KB
MD577435857151e3add3990a18a08c6a7e4
SHA1a8e580c0ff7b0e73af65ac9084613d3a3285ada9
SHA25684a2dc1ab0b1b4ec464463544ef6c1f0266200a37f1cfcb18a2ad620922479fa
SHA512df2b0742f0a29a116a0474faf5d0fcf89b151504bd446bb56c19d2093977d38371ee0b44ffa55b1fc67f64d97f3a7bc0ebda014277e2301d77c06d3db415a908
-
Filesize
8KB
MD5e1d3826b13be7b7bd17c978ca1f3902e
SHA1ae650259db9adc1cd5c30507747f96355683247d
SHA25633b791cc1246d1f2aada3791f8d07e6e2ea41e608348e644f58a82920c9408b9
SHA512ca7f083f98f26a14d6120b28d3cbacdaf1b01a40c4878b595d19ac80d5351a726963ab00075ea592f95a92148674a54da182720623de74dbb46f4799c916c77e
-
Filesize
8KB
MD5f99729929c2fc369f740430e2c5ddf58
SHA1da62d90af9890b228687c056bc1ee03984dd617a
SHA2560b276c6b2f590b1761337575126f3769778057aaaebd0b6fbf3ea60f55420b49
SHA512e7e7f52fa4fddedd34729f4ebabf1b0a386035ddf3ac16735bda6daed3724b5d8643ac9ce05069bff7e86be94452758a6be12cf216ef6db0c919007c895470cf
-
Filesize
3B
MD558e0494c51d30eb3494f7c9198986bb9
SHA1cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d
SHA25637517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570
SHA512b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4
-
Filesize
114B
MD526715a7932c207aba1633843df599bd7
SHA1b65b31a0f251803e0e0b394943b373a68e960c73
SHA256ec9f1b98fd68287424483ddc1f763490f8abd0cafe068f488380e1e32cfa1cb9
SHA5126834cc31140d547a0f61ce25be353dd6b39fc77a97006a0bc465e1bc69018098b2580ab7447fedf931c41be61ebc68467a55799c5048d4913814213ce98a461c
-
Filesize
114B
MD541c71c93e021e4b52010d1f4eca66274
SHA12f80d47d310b3e9a9208599c3455c7e158bb8c41
SHA256cfffa6c47bb20f55cf0e47cedf5a72bfbec346d47158fc85e5b14f9863ed2069
SHA5123f90aaa94c0c74c3f8310b3091aa7614222bb3ab6b31b8ca5645dc9bd68f5d2ed902aac6b50c3c15aa885b1498fd73cb4919a38e7e47733b9bfc0bd83a1a96da
-
Filesize
114B
MD55cf6bd62fa12cf6e11c1ad937af054f4
SHA1058c7808957bf5adca44d4be8b33c232a117000e
SHA256d35148eb0594af8163183f900b3fc9e40b02237d55c4d359617852844bd631b7
SHA51240bd75a9f3a9e5a8cb634cb4bf40ac3ece5495b9f90eeeba3c910b3bc0b828f277c09f3deaf84f7250c265e3efbd5338d0b6a06422cb872fea75729d8fc0323c
-
Filesize
114B
MD5dcaf30ecc08f24b118cc399a89ea656b
SHA19edf4b99ea61326f2292ec99002dfea4eb2dfa03
SHA256e249f427184b7d27039662f8210864483800588c4b3b98dacf12306c8177d75f
SHA512cf1a26a12ea2d387764b02bf28c5312800ca8dea7c95bde2e80b986c7b17f32959ed46105030452b803f414fce8180b6f9234df2b0638d34a6a7e46ba7330cf7
-
Filesize
114B
MD51fb053fe444da2e1508491483dc546e3
SHA13d465ebc45f7327c4d7451218e0ab14ae44b4e9f
SHA256901bbf619dacb0d8a4ce8954fca6d328bcf43eb95cb82af5a928af438c6080a3
SHA512dfb08c90589a046dc6a69bd6d3982a4305e156aa671104a6f9c6308e10e304f08ec65dbffad19c6e685c596b1e2b7c1b5ce2c32d401ec320c43d718e79ea63b9
-
Filesize
114B
MD5b25ab57c6027cb27068c2e98156426bf
SHA1f5f9609695bd53dc2495d095c089829c85c0a934
SHA25693533bb62789595b53407c4c770c157f710a5e4fe5c1b17831ae5fec56f28327
SHA51265b0879f1d6ea62d41a7ba6686855ee4ddfb50cea633304fb52b5f05dec796c200490e785bfccb53a3bca819c33cbb3defa15803c727cd37c2e059c9a4643cec
-
Filesize
566B
MD57a8128db5619edeedd93bff0a8783a64
SHA185cf882ed89e221005befa16fac27626fcf40758
SHA256e31bbf17e3ecf4712e8dd75c14106c00b8e0c70a7637a596c45652e2c9e9a13e
SHA512cc9d22de73d1d88a7278b9f261cee41af25c1f7ae48f6e693b2ae2668a683046018f4603436ddb2fab96211c0d2997fa6c7ac440352124064f913b74c42f2868
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD58f651130f3346357b918a43d6854600c
SHA1c139fe19d9ab5bf38ca3fef577c5744c94191c6e
SHA2568114a51cc598075b98e01dc479b4e8ba0335663ef9761bf14b2aa0f7f463a16e
SHA5122b203d22e7811ecb82f2f1bee6c121dbe2a5e86f307765efce7a943fa2f53d9a795153e31db7eea39e536717a5dc67b07a2e38dc299025057eeb8cc26aa2e743
-
Filesize
11KB
MD55a5ff491dfeb1930510c147197d42854
SHA15b999b80c2a4d58b59f53f3b713fe5fe24cb82a8
SHA256c0e3330bbded7f8cb7e098d9b2e82e47595b924a85ed824496ec6fd1cf0050f4
SHA5125550e2df15a1bc9e8aabf9b702490af8b85a2f67d2f9d1e4c76157b28ebc2188ba89be4775c77e65927426ff45acb3092fb952285861a68f577298f23dcd70df
-
Filesize
56B
MD52c942d75555af448c63dd39a287db7dd
SHA1f9705aff7ef79e3a92c8d04e5e8f314d408a8403
SHA2564bede8241018053ab4f7f78542871f4a614e3d36f1bd59b2429f6c2f1fa2d63c
SHA51257b8ce405262b175a6d97213ffeeec21a460a319ef8f1c54587b10b8c0279bc54d7242eb410dd776a054bf7a791dd7d653981009dfec5133e28bd2d29a60c2f7
-
Filesize
12B
MD5a9256f55737b655c8cff95418411997c
SHA1d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
SHA256bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
SHA51210d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574
-
Filesize
12B
MD5e48057c3603c907cacbe1568a7dbfc41
SHA16e100086b53e20e499a9be069aa1b452faf82ba3
SHA2564b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e
SHA512787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a