Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
158s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
-
submitted
02/09/2024, 22:04
General
-
Target
f50192f10a584abe5eba2e3b23aa061e8c4e417bfde2875a99a4782a79b710ab.apk
-
Size
4.3MB
-
MD5
3cd896efa6edd5dc92a5c1fddc531546
-
SHA1
d1f5616e8d2b98407bd7681ba1b862f16a5ba3dc
-
SHA256
f50192f10a584abe5eba2e3b23aa061e8c4e417bfde2875a99a4782a79b710ab
-
SHA512
648a9c06a9938208ae90c899f42db18a918776f79c252e812db8a60139a2b608b344dae79cd04a561589922a7708c0c9ba6f604d221e1697f416f125df521e48
-
SSDEEP
98304:xGVORjJEO8v6/uNf+LWOilmD9u5A2VRDJtRjpAqscjdwQUTXS548ndyE:mORjJEO8v6/uNf+J4d+qttxppLBnieVX
Malware Config
Extracted
anubis
https://google.com
Signatures
-
Anubis banker
Android banker that uses overlays.
-
Removes its main activity from the application launcher 1 TTPs 2 IoCs
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
-
Reads the content of the calendar entry data. 1 TTPs 1 IoCs
-
Reads the content of the call log. 1 TTPs 1 IoCs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
com.tencent.mm1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Input Injection
1Discovery
Location Tracking
1Software Discovery
1Security Software Discovery
1System Network Configuration Discovery
3System Network Connections Discovery
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7.8MB
MD5d3115f7162e2c71daf80ac914d794d0c
SHA1a5ed04fb370588dedbc37c957bd60a2d2fd42b2a
SHA256d6647f18497a282892b05122b69d5c9ccd70e8b771997d95bcad4fef0f8d9381
SHA5122fd52ee8faa3dbcd146c754f3e0b072f56c0f290f1a35b660d4549f3a47759002181e6d5fc4ae22cf7aa396620af5a667beb442d8aa8610b816a1060f3ba7d45
-
Filesize
32KB
MD51854505a3f6d683ed7eb81612934370c
SHA14f710add9a652d2fb92b7ce45589e27bf03f0b2a
SHA2568100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4
SHA512104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962
-
Filesize
512B
MD54cd210e6a2ea0ca6c390728b54d73103
SHA108e05024d0500eca39f109824ee38d85545b452a
SHA2567291fb1c0898b4081faee2401de76ceecced7a7519be29902b73622ea53ca2a6
SHA51280349dee3edd79d539dfd6d4734a107c63a60e6f0b3e44383566d2bc8d8ed5457a248d2532a795018c8b311ddaa8dea83571c3039191c8d4ec21fa8179a751db
-
Filesize
8KB
MD58b6e9cf8a33634b25a0c5093a2cd2c7a
SHA169aa83b63de0ad7d797ae685f7b2dcf2d855e308
SHA2568c286b64d872c2e2253d88694087d2de5a5738f2e1c097814cb49fea0d866e20
SHA512f0b92bc41689f01c13fbec7fcae4f7ecdbc436aba358e0e212ab6178b93f379d2ee6ab1b4fc614732d623e9ce422de62609e5b9f38252196347c021f1c7632a2
-
Filesize
8KB
MD5ed2d323568fe9550ce2c593b899079c5
SHA14920d0c4ea1b1a299ed34e29757539e70542dad7
SHA256eb1cc34e7676d69dd8de2c6dfa9ff9ae0183589e7d3030157eb2b0ceb23d0b16
SHA5121a8c1f4c489d7a9a47097fb7235b0ad02c4bcc1e3e2c881bb36f10c91fea505069519c57656e284a3e702bf3ef0757b7a91909a4addeb1438bf22937f08f1577
-
Filesize
8KB
MD566ed18abd8e5f9f1a3c944fe51cf0d0b
SHA1ed0af2e5799baa8b002dbc0cd1132447dc2d02ba
SHA25633e0092464ebfb2c9efd9366986a0dadf79abe163c151a1c4652129142b17d1e
SHA51296c0787bb3da90bbb092edc36a0a73bf071d16b4555ddb6c2ee2f2c58ce93d393110959462dff2ca6b32807e5a934613338be1723a4571d2739496f68ba2187a
-
Filesize
8KB
MD50c45d823989d9d6debff9ab921c1b24b
SHA108dc005d407a24a49302d59fe6032098e96201ae
SHA25695736528edad7c44d2506dc1a356c2ec4f5216fecbbc8b07c57cea8e23061d1f
SHA5120a2686f9db20e67c86e27503acb664fa0aa748c881e04e76b01073db090e8673d190c27d8f8a8429f867206eb69b561990d78e7d9371a0017cd6a2b0d9c48b9b
-
Filesize
16KB
MD5ee0aa02f9f8cfc88241248517ca6a276
SHA118661f16e13a076e12352597d78ed05039665afb
SHA256183116ed1a53da7d2f998e42058c7a8a88b95c8a8e3d1e9e8ae0c5c9cdc10e23
SHA5124c3116ebc8583ed50672bc6776ad0dfbe873c0e42ab49465b928db8e34b60ca33cbef8b16ecea9b16b3f90d2769a96cd4184999a57485318eff0cc5928594bdd
-
Filesize
8KB
MD5693b5327074e6500fcd2597d17234363
SHA1260e32631c3f50f1c11fa060eb4491bf17c94f53
SHA25669ff44a796f71ce0921f45b75e51b66ff2cec65b2f22e3e34344164f466159ab
SHA5122e4f4672753adcff6df190e022b31c01273c8da2f7da8b40589b1c8a597abb85e038e7332c209eadb3797aaa3e23a53470ba44a1a1187871d93fefc4be213b8e
-
Filesize
8KB
MD50d40accb919f21e4078244f1c0d33057
SHA16574c7d6dbef17272e26d12d81a1ce54fbadab4f
SHA256cae79a8b2e939c15bf6fd610c3f41089999af6db89c5585adf0b2190a7b61b63
SHA5124bf7f3c98e5b8fa9ab1f1ee3136752acf3bab563851c9986ffe17737add27b9e911b845c7c27c4ba81fea727f412ef35d7dfbd3166849a834c3d6c07c887eb74
-
Filesize
512B
MD5eeab64266983c946654254c9a907ac9a
SHA10aa0e747e0cbf73ce45be9cc766fe92e5ac3ddcc
SHA256ded2b0f4df64b8e3dea8b4f96d8fef5e508b17a7dc38bf810969635c1f169f68
SHA5123d403be5367519e67a8d78917bbd66856f0591197635c58d0484439e83290c278dff0b0e1ab0441b972eea63580a25099780df3a22c901cdb372bfe2bc96372b
-
Filesize
8KB
MD53bbded1f34d27e584ca4edc08551baac
SHA1d388ed4ee1e56c4fd1b2411d5d0ca8bf365e7d25
SHA2568b6cc80803edf26ade248f321d6b019daab49fe4aa5bdf00d167ace7a32c6b0f
SHA51229011bd992326f67218d8a3df738757a23c29efc5752a8f206001402b6510c3d20553a3434ecb8dd245b857c2cfd1005636d003309c1cea23b5197f2b104ad3f
-
Filesize
8KB
MD51ce5a05484a70f61a552eb1fb7f1cbb2
SHA1dedcf86165a8c6cd08230a0812100633fa4ef366
SHA256fa101baa77a119df74aaa7b1cfee65f485edc14cd458ca2f7d5b53202611be40
SHA5121dc32becbc67ff0ec5aef27e0fb141640d7d237470653689db1c667e3d286a455e66c137a2fe1ba2e3adbc5011fd838fe186802e8ca40983027a500e9b6b2eb4
-
Filesize
8KB
MD51030e0aa34a240ef30a87e84a8fb8098
SHA1a6263f2ed5c8adea6c656eae9a966b73125dffd7
SHA2560d7f58119e9b86de89e56c8c2831b0f21906ad430a973442c1f848224c5efe24
SHA51228e67e7a6f40f95f052ca98ab4944a240fc5c278637cb11794306e8e51f16beef3b8e6ecb5a979e7f7786c2d11e88bbf0d9764b50429bd402fc45a554308b8b1
-
Filesize
3B
MD558e0494c51d30eb3494f7c9198986bb9
SHA1cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d
SHA25637517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570
SHA512b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4
-
Filesize
108B
MD5ae1d6ea08656e71e6e59c7d07a385754
SHA130fc20621988b48a94c712eeda7d43c9bca05ebd
SHA256bad83c0fb3ff81ec38039241c0faae36a314a9aa578aa4ac5a58ce4bdfcad366
SHA51205907e6eb8559b405e8676e074317e07f3635d7950a79d3fcc8ee76f16b854e95f73c6d642f788653b78749e457bbc3bd1f42cdc809cce81c681a76e2ff43c4d
-
Filesize
108B
MD51bc084c95a2f347db8b392d06d571c9e
SHA1f85e24b0661bf4e3deeb1772074b91388d4c782e
SHA256161f831b26c96bb43f448792e629a8b30ff78ae3b39d86a6ba387aa8b10db664
SHA5125bd6bf12b1f897cef9881310dd5c6537964b409e5e9fa7c16360316e118956b43c5913c1af70c53a5ad4d1a347223f36d5111277f6bcddb64063119ef1666fb6
-
Filesize
114B
MD5d0b54a92305b7cfa9c27a70a993b843b
SHA1071e66307c13d29878e8fc934f6f000d9b37d015
SHA25641549e9d81de19b8471964358773869579b3a44e7981dc2ca12a1979b49872fe
SHA5120999258fa9ae20c13fbb176c708235b1741b109e8b5dc37f5615405dd86dfff6c4c29db4207245c101c74d9d66d17a06feaadb28cb6f890882e96c3ff00c8a64
-
Filesize
108B
MD52eafa60911f7ef3f9978c38f97a5ffb3
SHA19eb50ba0666c6fc153b7ff75771458e19f2bf822
SHA256cd60b092d4082b3efd586030b671072e5efc801e2101f19c6c3729e40797cf46
SHA5126b09938cef4b1817a7cec60d0dcd3dec0b4534dba1b105de6a7203999d56402e07d9e22404e2822a2901ce07d0287d46043090ce0314209feec397d217cf691b
-
Filesize
114B
MD5abd37fbcdb995eae1ed4e205d14d1cbb
SHA168a78a66750081a19656dea7fd6519e9a93845d4
SHA2564bb7ec9f8753cf8f3a6ba136fdeb1f9d8043fd8b970c2e546261146a9412a7ed
SHA5125ef8a1a127ff20375b839127394fa906f200959e20299853fa7154ce186318237cef8e27338127e9366ec159deab354875213250541b7a4be0171f6f1a2b1dc4
-
Filesize
114B
MD570382277ab53a32dbce2da0c9f285719
SHA1bc48de2c82ea80bb315c4ceefd33a44f6855b0c2
SHA256df62d8bce1e7f487aca5c7af834be341206b510b1469723fdd87af7976e77182
SHA512a4ba63ebda3ac562f6f6953462e87303acf9b87d081dd223e762de527142cfb254b2de8ef81021e6350c9a8304b6f10d152c064f82930146f3dc4cca93410557
-
Filesize
566B
MD5bf180b55a5363bf426a61de01054b8b0
SHA1a7c3790850082f04bb190257d67cf7a2692528dc
SHA25667b58658c3c774190339ce1134fd5345f6953c9eb890b0de53b112637687677d
SHA5125846325c74cbc644d05d88e7337a354fce41ff7a9d5a731afbb72a7ba9cf93f1f26e6a2ef50c4f0e6fd90988c79c9033514311486880892ad1642446e2ed6cd5
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
854B
MD5e08a9bd24322ec30cc2fc404dbedfe25
SHA15dcfd2ca8ce6f41cfbf8bbe09fe0db4461bc046b
SHA2565cdff9425909da8c1598365ddf883067fc2e16867c10aaed8cd00bb27dd076a5
SHA5126fc4a49bd2356c4f7eb814d7be5d35b0dfc231d2b6cedf547f714a32a1f92a538491d325b14ff6509ae467b50d5932515c85cce428fd802e5cc156e0bc6237b1
-
Filesize
10KB
MD5df036b93426f886d1696210079b94938
SHA1b593b3806d3d85257511959992013f6a4f543011
SHA2566d9bb455edd9154e310a777aad0dde552ff995134e2321933a0365f9112c3912
SHA5120d7eb6c0e5378a362a4bbebbc09f291080975c8ece8473d28c9cc9ec5b4a138f2fe19b09bc5d44cf17ec66a4f59dadb1de59ac8286cdc10a461e46491da01e29
-
Filesize
12B
MD5a9256f55737b655c8cff95418411997c
SHA1d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
SHA256bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
SHA51210d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574
-
Filesize
56B
MD55875f4fe2a4b68e19f5f6e071fd6fc6b
SHA1fe1a887f8ef6066bc30970ee9c48e0846865b9b1
SHA2564d36c3e00ee88cecd60d502af8fe1caf72cd0ca0cac7b4c61e88c78439c66377
SHA512eaec72ffcfe83f33b0522bcba628c25495711812c940c8dc97b8a1b2f406478acfd1d0dd67ec6ad46511350a48816e1a7362e535e75d946c836c0e97f87bc19f
-
Filesize
12B
MD5e48057c3603c907cacbe1568a7dbfc41
SHA16e100086b53e20e499a9be069aa1b452faf82ba3
SHA2564b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e
SHA512787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a