Overview

overview

10

Static

static

6

bc019f3a99...4c.apk

android-9-x86

10

bc019f3a99...4c.apk

android-10-x64

1

bc019f3a99...4c.apk

android-11-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    165s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    24-08-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc019f3a99d9ae74a11a687b22becdf392a591c7e9d942bc9986a89c8734074c.apk

  • Size

    4.3MB

  • MD5

    777e967cc20e6a3cd7ed8f6534f25e68

  • SHA1

    e41f2f8b87c38865b60aed52c7c1fa6131cc153a

  • SHA256

    bc019f3a99d9ae74a11a687b22becdf392a591c7e9d942bc9986a89c8734074c

  • SHA512

    dbc66a87f31df000970881b4c7d457ba8763ad0a2112b3262a7d212b00dbccf197bc69acd8e5decb9cffb4b99a1bd8d8ae21cbc9dc4b89b0443227cc6b6f0d2f

  • SSDEEP

    98304:awEsJsucv+SyogYG93PLwfPHdmRqccbLt/i/o3aF+rG7O5:aCmV+vogY03UfPHdmjcb5iQ3lx5

Score
10/10
anubisbankercollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

anubis

C2

https://google.com

Signatures

  • Anubis banker

    Android banker that uses overlays.

    bankertrojaninfostealeranubis
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4254
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/classes.dex --output-vdex-fd=41 --oat-fd=43 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4283

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/app_mph_dex/classes.dex
    Filesize

    7.8MB

    MD5

    4abd076b62015297ab751dfc75c9789a

    SHA1

    92ec5965cb57693a80731f948e12f465340fd6ad

    SHA256

    4202d90128f1e82c8181ab70876e3159295037e62d16a0b572d2b635a8a6a8f4

    SHA512

    022889c959eb62e5ac7ffb2147d120357e39241e3a101c2e49912a9a5870fc2b2a121340fd3e2ed2a885fd5fc4dd7e7cc85df2e53f5109c24427d0a6edd9d05f

    Download Submit

  • /data/data/com.tencent.mm/app_mph_dex/oat/classes.dex.cur.prof
    Filesize

    591B

    MD5

    1187553a9c838047d7309935a2a388a8

    SHA1

    13edf0585d56836caf440d754243082ab1855bdd

    SHA256

    d381840b78fc1a46f4865ebbe88e7933f39f313e5dbd05fdeb29fd8b9948e1dc

    SHA512

    3fff4809eac9ac183f34ed96c3396088a2d25a7124e578bb6888d57542f2a4ff4bc813cde71062b62249ad5993d24bba568a741436ff75d3860c46f89b6240f7

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    5a65629fc9ddac636746f1452e89ab6c

    SHA1

    569d463ee6d6078cef051bfc929e10afbe5a0749

    SHA256

    e0628a5fd5a514db4d2c73cddd10b8dd7b5a283fff63afab0026b271ac51c6d1

    SHA512

    40d76f3284bc857f0d463736b6d63a3cece1e2a66ea73a3e5105aa94ac9f44854a2942dcbd7e4a0e3c3eedc074a2d332e461345099b13f0cecae96fd702a1772

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-wal
    Filesize

    60KB

    MD5

    c83860a9c678a0778388b406c023f156

    SHA1

    d43903eb7cc34ed562da8b000af17d500b6344c8

    SHA256

    45a62e26f3d76e160499ce7569e02a266d2269fc57e9517e4628204508e55737

    SHA512

    b15e5406d45ddf5a04e28db589fe8a945242664e8574f3e2a2119d98d76d28f4ce8f90a22e0ff9d6e3035df5c48b35654a57400e03684d73ee16cd63c3d22cb4

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    50279cbb8c09fe270edab191a3fce7df

    SHA1

    12859d150ccdb5f6748d5054fa74c8d5245f4bd4

    SHA256

    d84f5966e4793b17dcbee8d3702cfca125968918b283a2c9efcddc5a6672ae12

    SHA512

    667215ec0df371275af305e4f64b511c7f3f7cbbe4d0ccedc794b8e2005e6f2ab2471144975b7ab627c4cb7818625138e2320baf99cfb8e98b0cd48691d4f44e

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-wal
    Filesize

    44KB

    MD5

    4bb618f34dc20546b3db6850978baa96

    SHA1

    adb5b13a3e7072028ba322f460e5dec90fd46bc7

    SHA256

    3953df84bd7a24d2e49d4fb41ba275fb68a8abc137413a178ea45eeb0afcc27b

    SHA512

    ba500851f0e060ffad45a1ce14a4c474c92d1bce49354c3d1d32045313ccf552c4b9d14304e3afde2aa5a7d31dbb9124242b709fc7f0f677d9d999c2487148b7

    Download Submit

  • /data/data/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    116B

    MD5

    df86c3b63775d352063f119dcbbca854

    SHA1

    166e0410fbdb6c741bc85bd229c5c71e9c85cff8

    SHA256

    cee14c32d18ac5fd4f27f2b4941fc79b300fbcea095bacd054839ba6b07ad697

    SHA512

    9f9e2301e1e7138a0a986ed3bb000408c2c548fc1a9fa0ca804b385578ad90ab8d381ae265a18f24262b37e8bce61ab3490fce5b3764f5c50ab14a8d6dfe977d

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    387c18eb161080f1ddc8326bd85221db

    SHA1

    3d49ba7daff1c75ac2e0e876d720376050342af5

    SHA256

    cffa6bd7383e21a0de2866f877575dde863e1c5d03c5f1459c7f201001120acf

    SHA512

    3cf4fc73d147e9899b631054b4d24da9084d4ace20578b8a2d6d5012a42d3d73cb05fc15b9f7d432fe99ab75542e61fc9fc9540e6aba84839b807b2783ea0afc

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    116B

    MD5

    e91d0d8f64f0462cf7a91d0dd34ed5d5

    SHA1

    048b8047c2726adb1784eb605b26e550c6fcfad5

    SHA256

    19c41809e492386fa8096666657c80b9b492f282591a58865ddb3e70187b756e

    SHA512

    58a0d1bdb9a2f80966aa1f7cacc1b6d00e6636eb9e53de9659e04621f1e9b6c9506d6dcb1c11860906685f8949603ca9da3ad346567f7c06ce8e0aa413cebf97

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    7af61678414aeaddb7ee0178b13f37e0

    SHA1

    bd68c54f24e2c5ef044686124e22319eab71590f

    SHA256

    a25f51917bb30b2795b2c99f9bcb1646cbafdaf92b9540708b8eba9775d0ab15

    SHA512

    80ad383b2748e722a72ff6936e1ea4226e3ba2fe63583bf216742bcf9cd034e6a29135cba5da85d4282bda721c29e4c33b899a09b1f2080faa7e814462b7187d

    Download Submit

  • /data/data/com.tencent.mm/files/Tree.txt
    Filesize

    281B

    MD5

    db27042a791e7ea0a5119f1bd7ac08c3

    SHA1

    1f86825257cf4a4392f7ead590878a67a52da962

    SHA256

    be38a3a3736c914d7e5f6978058616cdef33304f2e47248907a7a96914568ce3

    SHA512

    421d977a29d64219979e358f267822623f8f9642e99af4c9fae7488488b5c016c56a1e1efc716a4e899ab1ca46ca55e8c75f584657d4f2b9703ca8d681fa548d

    Download Submit

  • /data/data/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    609B

    MD5

    f569cbce060aac0c16680fb77d5d2693

    SHA1

    4faae45e81f8f4e3105933e2c463e525b28eeda2

    SHA256

    c9b9a4b6223e3d1175b254e7e022beb2fd6ed8bff23d38e60528d6955c57607d

    SHA512

    027da0a9a75b039400d08efb90893f6219bb9b59b1be70ef9955b4bd192501412c4886c55702ef37659b05e1264951ab08d44488c25adebd8779e852fdd46d95

    Download Submit

  • /data/data/com.tencent.mm/files/pkinfo.txt
    Filesize

    5KB

    MD5

    b347f6188ee025209e17f01cfa375d5a

    SHA1

    098682537f524c32d6be1e2a99b6a8a3e1b320d8

    SHA256

    7fece2f8e545a48c3b15c5cafa9a903c9bbe86de0320da217e856566bee13bec

    SHA512

    88a026ab14001c6ad2c51432870691bcc2c95d2e1497380af1b1ce1c80bbbcc94a4f6bccee31a9edfec3ccc634a89f0b910b0ee0b9a75cba6be555ea37d52ffa

    Download Submit

  • /data/user/0/com.tencent.mm/app_mph_dex/classes.dex
    Filesize

    7.8MB

    MD5

    ef5dec4759a1e6741fb952343740e424

    SHA1

    e72c08723ea54457a1fc1a12cc70f6920fc0c17b

    SHA256

    97a19ff67ac7cb82fed511890fdebdc16fed1c7075bbae7d719d2579dde9ddb5

    SHA512

    1fe76756b12e55ef6d3cbd96e844d495b58e4cb390c8925188e2dac335600db1d7446c1516cbdd04dc5a54bfca9b60a26e1ae0ac5400a63fa1094c25cadf8b7f

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-24.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-24.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-24.txt
    Filesize

    267B

    MD5

    cb0b0c34caf7d1ecdf4b2c506fd566d3

    SHA1

    80f7d29156890eca87a10ca1b8fdece867d9b7cc

    SHA256

    a8012788df8b83994d196fc55884affe5ccbcc27de5550959b57cec030d3c1ef

    SHA512

    a6d462191b37097a75d0c0a9328e94232981d69ee610ec9fd011bbf636bebeff6bc9a51d8a3936474c1295dab0a7257ee1122c41f926f090e7f2428c2626f484

    Download Submit