wocwvy.czyxoxmbauu.slsa.ncec.myvbo
android.intent.action.MAIN
wocwvy.czyxoxmbauu.slsa.opzsdswiddt
android.intent.action.SEND
android.intent.action.SENDTO
General
-
Target
4ab2df8a1e6d63b3849b3d10dd0692a4efc26e824e0e30290608f840358bfe63.bin
-
Size
381KB
-
MD5
38ce3303fde588f59d3be231acc05a27
-
SHA1
3c332332438e5331d51cdfb5c91d9caf6ea35a99
-
SHA256
4ab2df8a1e6d63b3849b3d10dd0692a4efc26e824e0e30290608f840358bfe63
-
SHA512
842d1c822afba68038a7e5c0b36ebc1627eb057ea425b5cfd0b6cc55a9545f1df327dd97701001d85699bc4529cdf0549b26d74246a6077e340cb1c7f11fefc0
-
SSDEEP
6144:+5z91fUh9H1aMJghgDjP1xTFs4aVrTr4sVfMV4sVfML4sVfMS4sVfMN4sVfMD:+5zoh9S+ndBijTr4yfy4yf24yfR4yfgY
Score
10/10
Malware Config
Extracted
Family
anubis
C2
http://192.168.140.129:80/
Signatures
-
Anubis family
-
Declares services with permission to bind to the system 1 IoCs
-
Requests dangerous framework permissions 12 IoCs
Files
-
4ab2df8a1e6d63b3849b3d10dd0692a4efc26e824e0e30290608f840358bfe63.bin
wocwvy.czyxoxmbauu.slsa
wocwvy.czyxoxmbauu.slsa.ncec.myvbo
Android Permissions
4ab2df8a1e6d63b3849b3d10dd0692a4efc26e824e0e30290608f840358bfe63.bin
Permissions
android.permission.ACCESS_FINE_LOCATION
android.permission.GET_TASKS
android.permission.RECEIVE_SMS
android.permission.READ_SMS
android.permission.WRITE_SMS
android.permission.PACKAGE_USAGE_STATS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_NETWORK_STATE
android.permission.CALL_PHONE
android.permission.INTERNET
android.permission.SEND_SMS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.RECORD_AUDIO
android.permission.READ_CONTACTS
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS