Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

6da7455687...d4.apk

android-9-x86

10

6da7455687...d4.apk

android-10-x64

1

6da7455687...d4.apk

android-11-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    11/08/2024, 22:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6da7455687a088fa36c41dae265a0a47ec1d6e245a980f7a4e5d7dea1c823ad4.apk

  • Size

    4.3MB

  • MD5

    14d0c33d315f6a352e949351ad371ab5

  • SHA1

    77fc3f0b5365792735268bd4fef8de56468a12ec

  • SHA256

    6da7455687a088fa36c41dae265a0a47ec1d6e245a980f7a4e5d7dea1c823ad4

  • SHA512

    46aac4e0db1899bc8eaf53981f459a6125ceb3c965c2fbe8f970045039e6238cfd807b4a43120217857c8799965878cb6890cd22b667276e32fa95617e863653

  • SSDEEP

    98304:0EErOH3BDuW/iXTgS1X+nbhwnRjb62/FV4pv5zMT/karG7Q:0kH3BDu78bindb62//4HS/PJ

Score
10/10
anubisbankercollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

anubis

C2

https://google.com

Signatures

  • Anubis banker

    Android banker that uses overlays.

    bankertrojaninfostealeranubis
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4221
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4280

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/app_mph_dex/classes.dex
    Filesize

    7.8MB

    MD5

    12e509d87e236c935a00f09fa91e5ffd

    SHA1

    a192c084e896897c10b5d1571f4dbe9be74ed336

    SHA256

    e73f2e1d8c2733940800d5807a8a035906f0c57428e95aabe44e4945479d15b9

    SHA512

    a344f2d805b3f2c73eb293f42179ab0c670312874639e8b82cca0ca32342fac865a4afc3f365a261a8cac62abe5c8302049d049dc2c64c6f329ccf08da8aa7e6

    Download Submit

  • /data/data/com.tencent.mm/app_mph_dex/oat/classes.dex.cur.prof
    Filesize

    594B

    MD5

    70be700c6f5ea169802fe291ade6db93

    SHA1

    671a51baa84a33fcebc09a84ab74dab81611768e

    SHA256

    f406e67a041001952cff6bed03f6fa89e772477e236ffd99ab3149df36054ade

    SHA512

    b90a1b52efc9c812fa6df2191baa962f416a324498583dbe306c70710944f4873d35b29f69fcf5f63befdb03fc7acb13bf72275928547fd1ea27272a43b70b1f

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    3501c7910156e165edcc9cffc45ee3c3

    SHA1

    bc4c321f18d0e08b23087ee4bf2d53572be3126f

    SHA256

    4b1bda5ea82e97edbbbfe02ac3b9225bd71a9785959c9c25514d4a710a65b26a

    SHA512

    95d3260d92ae1e3583eeca82030c93dcf3fb30704ce570e732469cb574ed83aa3a46e2532b8424026fe97966bc6f901e1b448079a7e1220c19ea340ed9fe7f78

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-wal
    Filesize

    60KB

    MD5

    1566a3bab846fdb0526979201ba4a18c

    SHA1

    e27dc631e474a0b2826a05ded8c60496ed1a763f

    SHA256

    fade5a9dc94ae64fd8d32673e62b57bfad41712564044223ee1286b233ed4a2d

    SHA512

    706c8df37933a5a242d08710cc1f88d36c1e4d4630a63f74ce0ab01ead6f19d6903c340ba8cacc7c895c024d79c2952aa5358bdcfa0ffe4b9e978abe92a4dc0b

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    531b072e8cfa541a70815ea84f2bf4d3

    SHA1

    a564144b6f3b4d28867eae344f4fd3db0e4d0040

    SHA256

    e705bcc618f03d9b4deccb9cebd1364e4ebb3e9e1b091da97fb5febc7d8b5810

    SHA512

    2b28049b1ad9f362b223efed66e29ea0bfa7bc67ea6f0a5674d05ad5bae0b47245098ccc39d1015003f5e4726d270cca95094a8146e37e263670938d1bc72b09

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-wal
    Filesize

    44KB

    MD5

    6cabdb7fecc6df2c28808c26ff1383ea

    SHA1

    eeaf5e88e21e4af8d27411ecdaa86f1443ca7d7c

    SHA256

    5984928f3d39e2200856f6e5bfa29c2e712726abe31c2316f9bb027c15830ec9

    SHA512

    f828bcaa406b5b1b542257e2facc1421e454f065d0fba1ac4b76d9eaf7276f2f8d7281380f11f45c4690dda07967bebbd53434b4f1fc68c5557ad8183ba9ace2

    Download Submit

  • /data/data/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    116B

    MD5

    e67f992e8f0720f9c5172918d2b0f8a9

    SHA1

    77019e71e364affa792280e3a706bac41e2f2ea6

    SHA256

    84ddb72b655be7e3fe57e57cced0b967fe7caec0f992a91273ba58c3d09ed42e

    SHA512

    f0198128fce1b9635050425765639017a8de3a74dbb35a143fed38d9758a7c9d969fe7271cc6e2b65276450504396178174d16dab19ded6d3ceebceb876f4f97

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    1bbb75eaa54538566e0104ac4b338e0e

    SHA1

    06a850f3bd05db6172780407c15c799866681f0a

    SHA256

    30641ec68b7d458ade3d01d9120c9ac58f25e98a3301e109d2ec65118ee5ccf6

    SHA512

    b6b2285c4471730369c3a0a77a583c44fc00e80f670fcffd4aa40cfe9b99e3f5661f4e4702c40feecb032f1360d0fd1b0000d664d9a645de7c3d67d5b70e0ff6

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    116B

    MD5

    9c4d0465a170d7b295c22abf1ba2b9b6

    SHA1

    8c2b3fc50797421d5f4f9f03505a298641dfa54f

    SHA256

    7d9c57cf12062426265a17a785b715d3b7d49aec15d67547a3892b16753f0953

    SHA512

    119e4fa416ece61ed628108c98a3cd877d1f896cd901c988c9876fb25bcc4f2d9e304d08fe0e3510e1dab3caf7d2fd084dfbc51f214da96205e27f3023e72141

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    6dcf66ddc71d6b9797a3d24da53faad9

    SHA1

    52ec9dec2c6847d13c437626b9ab2da258fc6342

    SHA256

    97226dcfba249ffb8a5fcc72d754bbbd2469f2919f5b936c166b632880fc5d1b

    SHA512

    d3daf5f40af9af8b76b9aa0cc469b027048803011834e38e12716a34ace07fc0fd9f26e4501e954ff0e988bcc711448985acf3e11bdae44deb9ddbd7c3a71da3

    Download Submit

  • /data/data/com.tencent.mm/files/Tree.txt
    Filesize

    281B

    MD5

    6373cdb16e8a1dc2fbb416369b233a4c

    SHA1

    7069a67d2cb4587bb16ff5664f923265ca2ed16f

    SHA256

    dfaa34734b1f02ebd4d56295c7d984236b043c568869f3d72bcbfc7736b831c8

    SHA512

    9f46e50f68740c772d975dc84e3a4bae32741839aea6d2fce0507d61dcb4f65297aae1c572f1320aca67444a1dd04b91953adc044721e9270cad0528a4fe052f

    Download Submit

  • /data/data/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    609B

    MD5

    e8ea072b4d16d5268e2fe829e819bddf

    SHA1

    e062539781955a7d7b774ea89232dcb2b2cbc636

    SHA256

    b24ee7e39628b8e44377a18bcc4a47a3774d6257598994a6610887236bd2871f

    SHA512

    6531aa6641141baad7589caee7981ebfa7b0405ea1cdbb5e383c52a915ca9f6c06c4af41e57363aa24aca1d37131944159b56517c22c8b55397220dbd496a392

    Download Submit

  • /data/data/com.tencent.mm/files/pkinfo.txt
    Filesize

    5KB

    MD5

    b347f6188ee025209e17f01cfa375d5a

    SHA1

    098682537f524c32d6be1e2a99b6a8a3e1b320d8

    SHA256

    7fece2f8e545a48c3b15c5cafa9a903c9bbe86de0320da217e856566bee13bec

    SHA512

    88a026ab14001c6ad2c51432870691bcc2c95d2e1497380af1b1ce1c80bbbcc94a4f6bccee31a9edfec3ccc634a89f0b910b0ee0b9a75cba6be555ea37d52ffa

    Download Submit

  • /data/user/0/com.tencent.mm/app_mph_dex/classes.dex
    Filesize

    7.8MB

    MD5

    bb73b0ac466e25fecd4a62056c96f7d3

    SHA1

    355f7af768db06b7554bb41dd51f93fb9fe03ec5

    SHA256

    fca93d1f8dffb5529e7dbc2b29dbd9e04b371a75e830c99cdc420d9821b48f6a

    SHA512

    523b918d53762c18d82cad0bc578e6f283b8da04d852c105283ea414f047fb8c06701a3980ca6d4063578bfb0480b3c0cedb25495f2a7c51e88832d637524168

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-11.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-11.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-11.txt
    Filesize

    267B

    MD5

    cb0b0c34caf7d1ecdf4b2c506fd566d3

    SHA1

    80f7d29156890eca87a10ca1b8fdece867d9b7cc

    SHA256

    a8012788df8b83994d196fc55884affe5ccbcc27de5550959b57cec030d3c1ef

    SHA512

    a6d462191b37097a75d0c0a9328e94232981d69ee610ec9fd011bbf636bebeff6bc9a51d8a3936474c1295dab0a7257ee1122c41f926f090e7f2428c2626f484

    Download Submit