Overview

overview

10

Static

static

6

bc019f3a99...4c.apk

android-9-x86

10

bc019f3a99...4c.apk

android-10-x64

1

bc019f3a99...4c.apk

android-11-x64

10

Analysis

  • max time kernel
    55s
  • max time network
    182s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    24-08-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc019f3a99d9ae74a11a687b22becdf392a591c7e9d942bc9986a89c8734074c.apk

  • Size

    4.3MB

  • MD5

    777e967cc20e6a3cd7ed8f6534f25e68

  • SHA1

    e41f2f8b87c38865b60aed52c7c1fa6131cc153a

  • SHA256

    bc019f3a99d9ae74a11a687b22becdf392a591c7e9d942bc9986a89c8734074c

  • SHA512

    dbc66a87f31df000970881b4c7d457ba8763ad0a2112b3262a7d212b00dbccf197bc69acd8e5decb9cffb4b99a1bd8d8ae21cbc9dc4b89b0443227cc6b6f0d2f

  • SSDEEP

    98304:awEsJsucv+SyogYG93PLwfPHdmRqccbLt/i/o3aF+rG7O5:aCmV+vogY03UfPHdmjcb5iQ3lx5

Score
10/10
anubisbankercollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

anubis

C2

https://google.com

Signatures

  • Anubis banker

    Android banker that uses overlays.

    bankertrojaninfostealeranubis
  • Removes its main activity from the application launcher 1 TTPs 3 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Schedules tasks to execute at a specified time
    PID:4677

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Configuration Discovery

2
T1422

System Network Connections Discovery

2
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/app_mph_dex/classes.dex
    Filesize

    7.8MB

    MD5

    4abd076b62015297ab751dfc75c9789a

    SHA1

    92ec5965cb57693a80731f948e12f465340fd6ad

    SHA256

    4202d90128f1e82c8181ab70876e3159295037e62d16a0b572d2b635a8a6a8f4

    SHA512

    022889c959eb62e5ac7ffb2147d120357e39241e3a101c2e49912a9a5870fc2b2a121340fd3e2ed2a885fd5fc4dd7e7cc85df2e53f5109c24427d0a6edd9d05f

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    1854505a3f6d683ed7eb81612934370c

    SHA1

    4f710add9a652d2fb92b7ce45589e27bf03f0b2a

    SHA256

    8100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4

    SHA512

    104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    052ed23bc1eea2d71138bafb9603b36c

    SHA1

    53c83ea5344779f1ce9aa13666bf89f09c5cf6e2

    SHA256

    3a20c3c8d76c911a1ed7e5454de808e7174228ded01fd68dc51393910f7edce3

    SHA512

    575145f17f3e9eedb391183e39e7e0278e77730bc3cb8225a9a84270fd9ad5e460fe64169aea1d5b31cf1799548023af2e0109244055d70c8ce0beea627ae40d

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    ca92e378ad2056b04888f21551b3fff1

    SHA1

    f1329fb81f8b58c38b8c80c99cca1676cdb7322d

    SHA256

    58640625caacbfd7ee3f0f55b706cb0da1e008d903ba228864b2d1b4f92c96cb

    SHA512

    164125621f73c0c970fa550ad82d0b489ff938a93fbd1f5b060249764045c4f77c4a54db237cf1e35db93fcca670de2069ab458ea73e3c7394c70282fdcce99e

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    0baccd1c3f5448b5e402b13e04cb6593

    SHA1

    8ec486d5339d2859648f5076646eea75ad4a4048

    SHA256

    4d64ff528c92804b4832514fa24fa4067048659ee0ee8e6f5745c730c5fe4434

    SHA512

    fe152cea66cc0698a6f20f8697d0a28dfd80e0bd09bf17bd222048c1bf83b2d660351d18d039ddfba057b3f0aee69ccac3fa7b4391561113ec11aea97f0ab52f

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    1bde3b74e0e074d2145791518bb4b7b7

    SHA1

    d4bb332f3c77d1ede2a9cf3ab799587bb86af326

    SHA256

    636977298419f297e262d57b130d4bfa9ddf63303a8ff7f351d964ed10bc293d

    SHA512

    5d3384ad0969f93ad1db4e11d60ec74b762395614ada4d01e6a8789c16bd56e2a4a5ab50a372ff7e3c27018569bf7cd1c36e7b25b81932e645e29a3dbe2a1ddb

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    ac6873057a2162ac43b2c3a4fa85f9d3

    SHA1

    9fac6a67df0eafbc3fdac45e2105fd2c45553ed4

    SHA256

    cfbaa225c0adf14001ec3cdd06b40c210aa19aaee437c8418dcc46e96b7f139f

    SHA512

    859a8f81489b1c88ba2bf1e3bf523bec708a5a3ddd015ae7cc2bceb195c333eac21ccaf1e89db484c04b4104812609b2fcd628438668edfdd66dfc60894df36e

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    6b43c76510d4f242414e0c58672a9904

    SHA1

    119321c29afa5fefaf5a9bd9f6fad8a880b482c6

    SHA256

    b63c2a1d15fe115d3c04436ee18db656931db16a7792a6fe8baada3da1b7cb05

    SHA512

    f40256081748dae8aa43751886d35e4b38b87244c7954152980bcce8dedf1fafc2cc030313c41a37b7571b154e79adfad9b96945399d9152f3f9e36e13d8ea2e

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    a25ddd5fcb6edddfd30de2443d8079d9

    SHA1

    1ea9d4d387b9194289db797774c40f476f43a662

    SHA256

    7a4d545d89414493e3e20fc9c3566c3c6b27a9066b6c27965fdbf3d07669eb9e

    SHA512

    4c55067920ecdc739eaa5ecc41cf4aace0238c6dcad853e1c03f4438f297361a23e684e42418de6cc5a5e3dfa0f8de3af7ea3a74400d0c9d6fd7bd19a26a5bc0

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    b440c53b8acc24d092aaea1e232a2e3e

    SHA1

    383c11e7be388d347be47b0420267a10f6890566

    SHA256

    3155d52484858775fe95b11db1e42e684bc7beabeacadc0a83f0131e03be0c40

    SHA512

    3219360f23e745165a3e135cc47e6fdde633b9eb3c9a0e1e0ce2eef4b04b3b5f2d99d9d8176940abf59d8299f3eed0cf9802c48df116844ccc9a7193f5a8dd36

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    62c8a367e626d14f46d2bc916434a476

    SHA1

    138cd1537f2e542cb7eed485d4ae9f20147ecc76

    SHA256

    6854954448179a0baa816d65ddb3a18b19490a59b060b820262e327d98e9026f

    SHA512

    d7b44ff979e8ec0288bd41623694ece5f714920f964e6bee8aedbd01f204a3805ad35687dfb263a0d612f93a987e7d8349f3dc3de21755806333559f70dae8a4

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    ad000b208892ee3d9f0d98cd9ae31caa

    SHA1

    d4c4b4f149bac687e9957f72222fb40444a92f5a

    SHA256

    d58285bdf9c86eab361b62a520003a0ec04d99e2602701adc0caf4405f3fc56b

    SHA512

    5d1c34fcada2f8a586e1947639152ab874e597572d9b7b770c8b4fea6c0317c21d8ff5eafaf37952b579b3e5c4b7401dcce9b9b93677219a87e5df10cd5fe70c

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    0a2d6343ee69a741c86ec66660da60cd

    SHA1

    4d3a47f41be4d2507cf227d464ae870473aabe17

    SHA256

    429d949620141d5c8c41452dc2eed2c81ab4c137b399ecc47f914ee0a37eb90e

    SHA512

    500757b28298c173e34e7bc39cf37e4ad1b67c7a135565e36196f0613f0e1f648332d5d93f64e87341a961c6a58afa1d7463b2c9dcd0ff22dd33f324b82170ea

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    586261222995267ed5f2643f76417af8

    SHA1

    2aeeb4324b32d525451acd3f288bbec022aea559

    SHA256

    d04b01ff34b6672e4360212e754cfc229012305e68ea6e4773b9c25f0fdb5adc

    SHA512

    c0dfb55549f2b4a6e48e7ec51f6c2da8b27931d10102248f9212a8c11a1a80f408b9b93c0c31bf607b71cbd5614c7d8f86b9b32d0c4e2b15dbbe5fa0b9a57873

    Download Submit

  • /data/user/0/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    289f0dc449560596ef392d75009bd9d3

    SHA1

    4f4acdc8bbc0e292599040f641cb3abcb4e8ee29

    SHA256

    ef16187824743461839f6bec5a2044062c92ec7b3d5ae11cfbefd80eeeefb49e

    SHA512

    4856e0da91baaf5e24beedf92c79b9a618f59d854d7a2ca901b33363388740eb8aedac5db7a1abc8943b169886eac809a9ada6eb429b68dcc5bd5fe86e66e20d

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    1c4364372536cc3fe067a3d513e274a1

    SHA1

    af8851b2a8de3606bd392243b0f652f1152d4e5d

    SHA256

    815b7f63535268f5194479b9793bfa507b70d3d4982c05342f1e4ddb62b8e3fe

    SHA512

    7fd3aabe2c09ab0265327b648f53668ab41798b8ab5cf2f4dff406a96aaf68d2f545d56a7212b10ef10ebe41acb4b1a384e6fb4f5edd66e32c44729511daa0b6

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    375b04dc56aad89565a97a93ea660f90

    SHA1

    9ec280ddd42302ac92d0a36977e18cd84ea05d53

    SHA256

    e860fe94d4d4de5fd072816672c95e841cc5c2662c4c22047d1c6cc19aa5f488

    SHA512

    a61d049d860ad8c04a95bd392498753e4b00f9b4366378ea91e25fcb0e5d60ff8e4c417a920da6290d9a92f103ca7dc32951105668a783e7d0da788f5ed0a851

    Download Submit

  • /data/user/0/com.tencent.mm/files/Tree.txt
    Filesize

    566B

    MD5

    5ef376a43c077d20745f983d3c28dca7

    SHA1

    2a0a5e7f175be8bceb58d085572937fe9a360dbf

    SHA256

    419139aa48dd51b9fcefd044c277e3424f19da36d2424988515ebe86c5e6f519

    SHA512

    1e036fb56d658113b3dd8a4b971a9b0da501a0b3bc4712a28951bd64b8b9c58331d305cfce3042b1ba355df66d1f20a5d06657283f9bdc3c4015b03985f92175

    Download Submit

  • /data/user/0/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    854B

    MD5

    6a10cdb613b9e350b141a0e2f0f29d10

    SHA1

    0a41d070f962fea142580af9f5b5ca8effbdaaa7

    SHA256

    e66248800a24fc0afb3bfa97770002ce2f6f4e24f879ab7e84e006ee7c6b8e55

    SHA512

    8e05fe06102a251a51df13df411e22c6e363019245092257f5143b6015b9fba30a7623b25cad714bf01beddba0cd6a6b81301874617efc8de4bd01e2b0cedeb6

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    854B

    MD5

    4539b65846230cc272e740aee1bf1d5b

    SHA1

    88040d7e9c423c4dd05a5bda3b13fe781b5e7f33

    SHA256

    f40a5495f1ff5887c768329294f0dd6824e37f35a5bb48ce9871debe09aa9f6f

    SHA512

    04823e2d5ab2c7c3026a3eb8591756f4fda29c7d3e9ebd334b18eb721748a9a7f3bb36c6fc944b6fb6491e91dc85c00ec48f215f5504a2a10fad84597f95bc6f

    Download Submit

  • /data/user/0/com.tencent.mm/files/pkinfo.txt
    Filesize

    10KB

    MD5

    df036b93426f886d1696210079b94938

    SHA1

    b593b3806d3d85257511959992013f6a4f543011

    SHA256

    6d9bb455edd9154e310a777aad0dde552ff995134e2321933a0365f9112c3912

    SHA512

    0d7eb6c0e5378a362a4bbebbc09f291080975c8ece8473d28c9cc9ec5b4a138f2fe19b09bc5d44cf17ec66a4f59dadb1de59ac8286cdc10a461e46491da01e29

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-24.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-24.txt
    Filesize

    267B

    MD5

    ca83936d0c0ffdb4a991046e32ccc956

    SHA1

    6d34827e6fd5b8f716cc5f7d7843b581713aeab3

    SHA256

    b50da55ec1fcb8d0589b49d5b3dfef915d77f3dbb24416bb1305441f81c507d2

    SHA512

    61bb1d4d033b0ddfa7ae802d5732c00af6db3aa5bcfbda0c60a0f12bd9fbbbd03123990c55d5abbd3d6e967471101b82e409f1620a73a3cf8c627452f61440d4

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-24.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit