Analysis

  • max time kernel: 114s
  • max time network: 160s
  • platform: android_x86
  • resource: android-x86-arm-20240624-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted: 09-08-2024 07:15

General

  • Target: HACKING+SERVICS.apk
  • Size: 4.3MB
  • MD5: 4d672905d243501d6903202bb7d8a5b2
  • SHA1: 59785a69de9ad9ac694fbf448aba8c7a0d37e61f
  • SHA256: 9f69dd4e449a43b6009b716c67c6ef8cd75a57a2d5d1ef02b1004dcde5843bdd
  • SHA512: 30989916494f0ce2ea47b6f737d5fb4ea883b1eb9e17163934ad4f92e39c1cdaaf3adfc31d6a9d45f96ad6129b2752709916f451b692096732ad4194e5656f72
  • SSDEEP: 98304:FhE/s8cG25/IwoLxSAMP0+DOIZsjoltLvOr1F35EoorG7Y:FJSwoLxZ+SIZs88iR

Malware Config

Extracted

  • Family: anubis
  • C2: https://google.com

Signatures

  • Anubis banker

    Android banker that uses overlays.

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
  • Reads the content of the call log. 1 TTPs 1 IoCs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4221
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4250

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.tencent.mm/app_mph_dex/classes.dex (Filesize 7.8MB)
  • /data/data/com.tencent.mm/app_mph_dex/oat/classes.dex.cur.prof (Filesize 593B)
  • /data/data/com.tencent.mm/databases/Dname-journal (Filesize 512B)
  • /data/data/com.tencent.mm/databases/Dname-wal (Filesize 60KB)
  • /data/data/com.tencent.mm/databases/evernote_jobs.db (Filesize 4KB)
  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal (Filesize 512B)
  • /data/data/com.tencent.mm/databases/evernote_jobs.db-shm (Filesize 32KB)
  • /data/data/com.tencent.mm/databases/evernote_jobs.db-wal (Filesize 44KB)
  • /data/data/com.tencent.mm/files/CallLogs.txt (Filesize 3B)
  • /data/data/com.tencent.mm/files/GP.txt (Filesize 116B)
  • /data/data/com.tencent.mm/files/GP.txt (Filesize 126B)
  • /data/data/com.tencent.mm/files/GP.txt (Filesize 116B)
  • /data/data/com.tencent.mm/files/GP.txt (Filesize 126B)
  • /data/data/com.tencent.mm/files/Tree.txt (Filesize 281B)
  • /data/data/com.tencent.mm/files/accounts.txt (Filesize 2B)
  • /data/data/com.tencent.mm/files/netinfo.txt (Filesize 609B)
  • /data/data/com.tencent.mm/files/pkinfo.txt (Filesize 5KB)
  • /data/user/0/com.tencent.mm/app_mph_dex/classes.dex (Filesize 7.8MB)
  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-09.txt (Filesize 12B)
  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-09.txt (Filesize 12B)
  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-09.txt (Filesize 267B)