Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

f50192f10a...ab.apk

android-9-x86

10

f50192f10a...ab.apk

android-10-x64

1

f50192f10a...ab.apk

android-11-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    141s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    02/09/2024, 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f50192f10a584abe5eba2e3b23aa061e8c4e417bfde2875a99a4782a79b710ab.apk

  • Size

    4.3MB

  • MD5

    3cd896efa6edd5dc92a5c1fddc531546

  • SHA1

    d1f5616e8d2b98407bd7681ba1b862f16a5ba3dc

  • SHA256

    f50192f10a584abe5eba2e3b23aa061e8c4e417bfde2875a99a4782a79b710ab

  • SHA512

    648a9c06a9938208ae90c899f42db18a918776f79c252e812db8a60139a2b608b344dae79cd04a561589922a7708c0c9ba6f604d221e1697f416f125df521e48

  • SSDEEP

    98304:xGVORjJEO8v6/uNf+LWOilmD9u5A2VRDJtRjpAqscjdwQUTXS548ndyE:mORjJEO8v6/uNf+J4d+qttxppLBnieVX

Score
10/10
anubisbankercollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

anubis

C2

https://google.com

Signatures

  • Anubis banker

    Android banker that uses overlays.

    bankertrojaninfostealeranubis
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4265
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4299

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Configuration Discovery

2
T1422

System Network Connections Discovery

2
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/app_mph_dex/classes.dex
    Filesize

    7.8MB

    MD5

    d3115f7162e2c71daf80ac914d794d0c

    SHA1

    a5ed04fb370588dedbc37c957bd60a2d2fd42b2a

    SHA256

    d6647f18497a282892b05122b69d5c9ccd70e8b771997d95bcad4fef0f8d9381

    SHA512

    2fd52ee8faa3dbcd146c754f3e0b072f56c0f290f1a35b660d4549f3a47759002181e6d5fc4ae22cf7aa396620af5a667beb442d8aa8610b816a1060f3ba7d45

    Download Submit

  • /data/data/com.tencent.mm/app_mph_dex/oat/classes.dex.cur.prof
    Filesize

    581B

    MD5

    8d36193a97b457cd3f07932f170bfc14

    SHA1

    da048c257d340191ef87626ca8888439947b96d8

    SHA256

    15ee054b73948ce80c2e38dadd5d80379d99d4f834600e0ab214ba04117f5239

    SHA512

    0406be82ddaa74c61a85fb99bec9e70b7bb00be7b32b1ae5f1157d4a9f9c45117c987cf6e889a1799e44e33a2c4c7c62ab62d09f02d0bb279ad17bf72f984251

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    ae32d496ab5605e0df9c6bc63984be8a

    SHA1

    0c15dbb3aa7205cbc047230dbdbc2ec0ed987f35

    SHA256

    964651350a97b2ade9aa0f5d7ccb77c698b99a11315864d5bd5a8c0244744e55

    SHA512

    d7521a8c12a1bb2b59361bd41c128401e88c9863f3c20ac629acc7a1cbdb0f963ce756e82359bbdfff12d2cce14db88287c707cf498d36073c7d52f23137a38a

    Download Submit

  • /data/data/com.tencent.mm/databases/Dname-wal
    Filesize

    60KB

    MD5

    bfa1394e9ffb80a75815207bf3ef58d8

    SHA1

    d35421f1c3926561ec9c38f6d2c96ddf39ca432c

    SHA256

    612d96ec74bcfcd174f835269071933003ce9ac5b368c0739c279e48f12c616b

    SHA512

    49f505673121e9208bd40472e04dccf4e56f22df838d216ea25753db7f82b838e52b7bca620dc34fdd99dc326b1780bf3fd371373292ab630f66fa61b0a61ba0

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    b1cc368626c03ddbfdd6157ab1f83405

    SHA1

    1ba755b587ed895826d7afb076e79135149bc672

    SHA256

    525bba20a73ab3adf14fa372496da8a28069b9711a3bce1fa029a497ffe43c34

    SHA512

    a0162908c59ace6bac6ab69ac43e0a92e384f8ecd35e617845a40ce3ed22c8eae6d674f8ae46573f39e505defc0efd828d625897085cf5455c85fc2f8c1be6a5

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-wal
    Filesize

    44KB

    MD5

    8ca1f5d875f73f4236d93c251b6343dd

    SHA1

    297c712b281090eb01d2558544358643690fd0fb

    SHA256

    3cfa90e86820536e5f21d9847b3beb52344a8120590c30e06cf95c04991be02e

    SHA512

    7da04bcb7ed9e679cfc432db9a91fa03c9df57946271602e82a84419eb22369af1bb6716d3184f900019e8b46a7fd563ee5a8d1c07088451a2521d9a3f5cca99

    Download Submit

  • /data/data/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    116B

    MD5

    94c152f2df15ddb9c3bafb6a02f2cbed

    SHA1

    4c714195e8eaf1b8c75d4f5e9a66abf4a4281a94

    SHA256

    7c8741ba826ff8ce043e9934548da62fd75520326d60a78c010cc52e34152cb2

    SHA512

    d5af6959f5607f716f89f2f59c8ef1d8f6d5bb67b9264b94cb3d72468c46fe8811edf6804517653442794edb6d1d62314a4635576c19c54b68433af9b87feda9

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    8029455799b2ae58b9e0d447345320f8

    SHA1

    bf20cfa047bb08301adca5614cb72639118f24ac

    SHA256

    e324d296e5149b19afd1d3a23b6962699bfed561b0e881dd5e6f6a7bb7d2538f

    SHA512

    3c4e95dee38056c57ead98dade62c643d9214348224b6cadfc3fae375cc1cdd9bb207481d7e39ebd87535f0917e6b0497a6c313829c26f6b4ce3b45d51909ccd

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    116B

    MD5

    0d677e879b1e22d4cac75bb54f37a6fe

    SHA1

    a816a2b61c1f4b4cfca96f2cc5560fb81fec87b5

    SHA256

    dd0aa70677329ad85881bbd797472142bebbb1d4d50cdd838cfbb4d8d1b2caf0

    SHA512

    622f8be57c9fdc31f830afe3e4d9f0698553a1c6e8d519c6c40da09da4c184fa9c4798d3c38e310a744e22de3d992cec8bae84916d95ad8581f7be7c66a09100

    Download Submit

  • /data/data/com.tencent.mm/files/GP.txt
    Filesize

    126B

    MD5

    005734bdf21523a585745f2b471d7ee1

    SHA1

    2ef5e431f30148b7848b56fb67286934362dc498

    SHA256

    135b16924d2690c05cd98583f478533d5faa1bd8f6deee6f294f0bb0913dc7da

    SHA512

    4cfe2b48d746fd7ee1add29ffc5e4fa367d34cb7418f95aa456a41c8381709bd51553f4a9c8ee178be5ab008ef31a7efeb5286f2ac6b8c52e66e05ae11f68adf

    Download Submit

  • /data/data/com.tencent.mm/files/Tree.txt
    Filesize

    281B

    MD5

    ba5d96f3550228f40c26bcfa742e214f

    SHA1

    defc7906df37ff847483732d76651b5ef7383b6e

    SHA256

    317c60c17bc7928e909ccdba4e09dd0ec55b1124547b294c7a25ba258668e074

    SHA512

    763bfda24adf2837a29cee650a5efec386cfff9c5a447712af554dff5b42ce109e78364f12ffd93c377e5d3587a68fd695f3f40c695e22b05631369ee8984e7b

    Download Submit

  • /data/data/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/data/com.tencent.mm/files/netinfo.txt
    Filesize

    609B

    MD5

    3ab1c70d62d68959ec8e5d10c5cc1db6

    SHA1

    db2b3eecfd5df7ce0f0a56bc5e7944aa0f063b5e

    SHA256

    276b07d5326c717205ebaccd83641af72c269888f5928ed1b1150a171bf229c3

    SHA512

    7aab0ac487b25b42c5ee312dc1df975d349e5a485a1f38748896fff554eaf0d2a28c9a40ba1e27e8416a6d2cac7c0ce23aa3c682d4b7c46b59ccf20e6c8a5ad1

    Download Submit

  • /data/data/com.tencent.mm/files/pkinfo.txt
    Filesize

    5KB

    MD5

    b347f6188ee025209e17f01cfa375d5a

    SHA1

    098682537f524c32d6be1e2a99b6a8a3e1b320d8

    SHA256

    7fece2f8e545a48c3b15c5cafa9a903c9bbe86de0320da217e856566bee13bec

    SHA512

    88a026ab14001c6ad2c51432870691bcc2c95d2e1497380af1b1ce1c80bbbcc94a4f6bccee31a9edfec3ccc634a89f0b910b0ee0b9a75cba6be555ea37d52ffa

    Download Submit

  • /data/user/0/com.tencent.mm/app_mph_dex/classes.dex
    Filesize

    7.8MB

    MD5

    94a609eb13eb8c32cb798f815e5b5149

    SHA1

    bb34726ac69943db7cd2d7cc4f949d7b5d42c824

    SHA256

    982123f7fe1ba8295990f5a991f5bb75e83398c89c4b91a418e9cf155b72ad51

    SHA512

    adb3b50a1285b1c980521dff1be750ec6988785f92985fa07db09a5dc8476b68bdc289a5b85e5876643241ff2b4032465a12d5728f3a2ea996320b934c318f59

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt
    Filesize

    267B

    MD5

    cb0b0c34caf7d1ecdf4b2c506fd566d3

    SHA1

    80f7d29156890eca87a10ca1b8fdece867d9b7cc

    SHA256

    a8012788df8b83994d196fc55884affe5ccbcc27de5550959b57cec030d3c1ef

    SHA512

    a6d462191b37097a75d0c0a9328e94232981d69ee610ec9fd011bbf636bebeff6bc9a51d8a3936474c1295dab0a7257ee1122c41f926f090e7f2428c2626f484

    Download Submit