Overview

overview

10

Static

static

6

LIVE XXX (3).apk

android-9-x86

10

LIVE XXX (3).apk

android-10-x64

8

LIVE XXX (3).apk

android-11-x64

8

Resubmissions

02-09-2024 12:56

240902-p6p3yazhql 8

02-09-2024 11:26

240902-nj99xsygml 8

02-09-2024 11:08

240902-m8vp4azcpe 10

Analysis

  • max time kernel
    28s
  • max time network
    37s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    02-09-2024 11:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LIVE XXX (3).apk

  • Size

    4.8MB

  • MD5

    98931c607b3b6be96fecf4e54fd62b48

  • SHA1

    4a3ec0ba1d74e61be278a4ab7b2e4f1f55e003a8

  • SHA256

    312a30b8abbf7caaf0cf3ac312eef5eef78c8a777af2b04db4195700bdb07cd0

  • SHA512

    4255a282c3500afc891bbfdc7b10599b5fc07c86ae9e0bced92a30de9d60398c75d695cbca35015fbdf9307f7ea003bad0c400c3aca6dc5fd9c76687aa88aba2

  • SSDEEP

    98304:TbJuaNHeoBzzY9UbDh6BDehFEzj154vqT75v2dOIYAhag:TNkoBfgBDehOzx54al2Nz0g

Score
10/10
anubisbankercollectioncredential_accessevasioninfostealertrojan

Malware Config

Extracted

Family

anubis

C2

http://Google.com

Signatures

  • Anubis banker

    Android banker that uses overlays.

    bankertrojaninfostealeranubis
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    PID:4277
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/apk.crazy-v1.AndroidManifest.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4328

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml
    Filesize

    7.9MB

    MD5

    f8e11d98fbaf38ebd77bc811887a0742

    SHA1

    1b5aa6aa71e134310021c20c91b4e3584b72090b

    SHA256

    1e1f2f64622098d3530df5819b7cf87b41b2969583f05e60160884eebd38b9d1

    SHA512

    8df0ea75f556a1ef70f023f8fa1521921c4f6f67ee1304c2396324727fcf6b847b05010978cf07c846425f027cc2753d24ff760b489416914c53971d2d155445

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    7f6ed2515be7f41121143a425f5d489a

    SHA1

    e9f77fc9ad0f7907091ec716e4ab0f5a95a74d37

    SHA256

    bcca25bddc76d8512b0dfa45112717c07e5b0950e13d7f6fd3e9fb6c3616ae55

    SHA512

    b53a1097947707d36a4ae348f73ab4e663bbccf46ee77f263629389feb8101a067a8c0cd65edbdbc090f6253fe8e3954b52ac565b9951bd3eb844170743548a9

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/databases/evernote_jobs.db-wal
    Filesize

    32KB

    MD5

    ab30b1d49908cbe5d7d3ae655a78811e

    SHA1

    2e40b3a6ea49f4a61fe0d6e0474807ad6c142be1

    SHA256

    9328976d966aa8e097beda4c317e8fd50ccee99bf50bbf12f42c9f5f375b2576

    SHA512

    de0b332f7c58764a6909dde5d125c852c8b768d683f521b6ce3fdc94618465d6abcdaf8b0b347acc2f1a6f2de3382b7ac288336d7a1be99ac8871c110388d597

    Download Submit

  • /data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml
    Filesize

    7.9MB

    MD5

    c8200af007dc02e887c34654f173d832

    SHA1

    a653cd477708311d4ba131ed24ec99daef2d101e

    SHA256

    1d2b3c43f810ad4085a5d117bbcaae4121c1ec2e6c3690d378b0719b852699b8

    SHA512

    3983a9ef2dcd70f819c80480fa476743f179f972a41246e16575670b5c172996d47a5b936b2bcc2a33765581119f704a4d1f1e7918ebb204fb281157134740f5

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-09-02.txt
    Filesize

    45B

    MD5

    0fd0027e48564400b030e49702411fcc

    SHA1

    5fdbd6adda1197ec3be92a404f363a85b5c15792

    SHA256

    943c9c7f5ce0e54b488c9ae2728f082076dc9e139b1aab4c1dc7705d3cc3175e

    SHA512

    2705ade851abf46df9cbf0601904efe44d3330c2591f4c2572b3a64f09c5bc447bf2bd40033227d7aa23eb8eb99b99c9e209108396c6e442798bf3dc1122cdfe

    Download Submit