Overview

overview

10

Static

static

6

Indian Gir...eo.apk

android-9-x86

10

Indian Gir...eo.apk

android-10-x64

1

Indian Gir...eo.apk

android-11-x64

10

Resubmissions

16-09-2024 13:32

240916-qs14qazdnh 10

16-09-2024 13:26

240916-qpxbcszepn 6

Analysis

  • max time kernel
    44s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    16-09-2024 13:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Indian Girls Viral Video.apk

  • Size

    4.3MB

  • MD5

    31c7c2c645b8d568ffe4ae757fb7bcec

  • SHA1

    790db635892710108f5352c9088ac88a578ac716

  • SHA256

    98051f1bed4b9922908522842ca65e92099725c2dac44b78316caaf525ae4491

  • SHA512

    0ff6239a13d3f473f2cc3a4dfa1c0b15fffd385cff13fce887e18b6399beaa0d47b1e12069f185f4336324a1307594264878aee60a1d01c63e95f8303ac99408

  • SSDEEP

    98304:qfYMQWkZNz2GKsglGc+vx0lTeHuCUXW+cs/Re6EDPX7:6eFLppgcc+vKlTZGDs/Re6ED/7

Score
10/10
anubisbankercollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

anubis

C2

https://google.com

Signatures

  • Anubis banker

    Android banker that uses overlays.

    bankertrojaninfostealeranubis
  • Removes its main activity from the application launcher 1 TTPs 3 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Schedules tasks to execute at a specified time
    PID:4634

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/app_mph_dex/classes.dex
    Filesize

    10.6MB

    MD5

    302e71be0e6d47632c3769c72da585b7

    SHA1

    124f1bb806acff41157abef543a838ff0ce53b07

    SHA256

    66fbdef34021b43ecf328360a6e50ed2fd2fb6c2d568e15775027234649c1a6e

    SHA512

    8743061a172d844b0d397930c17c4153df4a895cfe2845d58fea3fcde4ce66aa94d1ba1d5a0ae4859772b57b7fb4c777cfa4c2681c3309ceff450cec234ce7b1

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    1854505a3f6d683ed7eb81612934370c

    SHA1

    4f710add9a652d2fb92b7ce45589e27bf03f0b2a

    SHA256

    8100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4

    SHA512

    104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    56af4bb595b03e649abaf90a2b3ea13d

    SHA1

    65cd5bbc34cbec7ccd5381be449ef1f21dd6f708

    SHA256

    1d53174b97716d21f1ee9e5dc4d8a1068c7a3e585c2ebf666a5d937a273ae44f

    SHA512

    c6c4b8bf4d4c99cf069061c7fd6329af6b1874156686d2f5a029afce64491f9ef96db2072717f2c0d4d734c5be6c430ed61408b6f6356cd81f019b14130d1b3a

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    6ec556438625115dc94ef6e001c7397f

    SHA1

    f142a87f68bbc8fc0a2549fa83d42eadbf1c12e9

    SHA256

    cba0512b5394607536649493cccad5a80dab28da89ab80ab291b5f0ac34ed2df

    SHA512

    9ffb74ecfc797524d253cfeed7c8c602629270545fc296ab2574077074499d1af980aa1d4446f06a2d3fa519a10684cb601391eca812941d3300fa39271d3150

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    c01c50b30b1ff4ea78aedfe06d1094a2

    SHA1

    42e1b63d7c302a455f6ed1036233555422a8430f

    SHA256

    3dab71cea0081c81f70bd00f9dedecb3f16a2939728124439d76f17d37aef1a8

    SHA512

    8612102cba72f22b0ee5330785d517449b98bf08006b66ade75c9718435b86b3d7fb0e6798b8e7bc6e152d0e4df8ca18517258b76d54a349f9bed07b9357d228

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    9342db6e767629c3953f231c670a4fa2

    SHA1

    81e5781ad7cbc87461944bc06cd676ba0712a03e

    SHA256

    49dc873addea7b697f3c9df4993f098446056df0d5a6c9acb2795233f4715820

    SHA512

    e96793d74033f7e050c3d9ac9ab9ef7a9adecf72e541839cfe3c5fd6161507e3323fb50213356f05e64f31b5318baa3dd0b47d05f77abf36c77e70684362d6d4

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    ff19177aed2fd43e6f7ad8f0375b1baa

    SHA1

    54662afdaeee861898ef0e8b50b1b5b693bd2b60

    SHA256

    a7176c3c1c643154e46b361001f563e6d64a43ee5f2903ab2c4169c275293874

    SHA512

    f03efbf24699e8999babb4cbc7729d7a34c1231493dfcfab4a05ea8ad15d39ed0a68d4d4267f50d67a3f1620790a205a4aa4c52a16b7afa0db8f382aea5c85eb

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    d9ea3798a46f2cb70b0cbb5d735c5d65

    SHA1

    01511926b524de7c0aa9c348daa57c7f8c0862e9

    SHA256

    fcc2821e619fcdba0cc8799d6d242626dedc1e636f7dcaeaf08abf1f96575461

    SHA512

    14fe8cf774e18863101a3b1ea015df5321679a5c52fe34eb9485848ba575444e0642ea716843a320800122ae8680a58cd54d1fec2aa7c9bcc4eb21720e1ed742

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    da217bacecccfddd82739772e76efd49

    SHA1

    0c84377d967ceaef2a4e140c50b48ec11bf53841

    SHA256

    59b420a6b5c6f999b77275c68f198b142f006ba75dfbcd794b3e1210a6585174

    SHA512

    e109ca79cd18676f979a7fceb85a4687c773d0c497c165f7d3e4193b28a7c144a23f6ba5e88d760d5f22bb05608ce8299da6353be9c7737c4eddaafff896674b

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    5673ff589353bf5f2cb50a177c84e4e8

    SHA1

    042cd64684366a49ea642c4c7ea9f48d34d4261a

    SHA256

    cfb4d36fea6792ab92f0bff867bef31a8de7bdbd1b54f9d0a9d9a02a650d6711

    SHA512

    1dd6350934a8d8e8761624f567c1a95dd788848a4310bd6ff329d311f644bfc293417a144015242cfb0bb97c9718c2007d6afe5be117cc5ba6ad7e04aea01782

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    8fb1bee32d78a3e244f86c77ecb6a711

    SHA1

    fb614f3513386f00b868d8f1d12f4517173ce902

    SHA256

    fb0fcab19cf1e034ccb5cc56cc6681121ff2cdda584beca1eeb86f950a99f419

    SHA512

    8141817120b9145596a1babeb6a957f891f3a69f7dcc0dbca373dcd0095d1ef3692e4949f02057ca40f4c352e4d9c8acdf23711897d08320457c75f495a319d7

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    4bd5be902c875d0c6f6c6886a8397e20

    SHA1

    d2c1b488dada4a6b371c6d26ace917ef60346b41

    SHA256

    5ff65917df6cf697ae9d4a13c39933c70d8702499e31d3cc59a69c5f8b4eb9ea

    SHA512

    7dff0f05b55994d17c42c14bf3c557d526cbbe99ede3c84cbd996b7fc779f2d584f36cbded166ba3015aa0d75fc38796aa5dba41069ba778affed2a74ad323c2

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    bc3bd7bcd5f3357e2d12f34ecd8bcedb

    SHA1

    30f3d25d894b9c0586310f8e8208125469007953

    SHA256

    c76d3bdd5d88bd4e366489fb030e62da372465af5f05cbe841c6ce2ebe27b13c

    SHA512

    00ff140dc6ad34b7af4edbefead75c0371b99eb9d5a6f21d8a52ee5c20e12abacd7794bc201f5753cc3c328aa03e654dc096ecc4c9e2b8373ce62405fe8dac3d

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    5b3a0ba73339a6cf1e250dfe475ec048

    SHA1

    09ab67933d5e39acec2d00cbfdd8d57197441a8f

    SHA256

    8d57ab863ad9ae671b848c088f8bbf0eb9292f2feb59548f90e1f6510991968b

    SHA512

    c149e0e557ef35df2faaa45880427f85a1f61f0921b0a5b938bce2192528d1f384d5959cc33255bd4e784b6747af206f11bee8d195c961c006b0e1b7e6c03f13

    Download Submit

  • /data/user/0/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    33f86fbda4b7c8b674076b38e86da299

    SHA1

    3ea259a2ed5a45b38f35744c336917fbf2bdc391

    SHA256

    bb72354f675b3aae0240fa8648948b41da49d47048a3369afcdd61ed7f0f75cf

    SHA512

    724bf6e7e07d47c7a8d171687d84a6ad81c57a51218c3512ebde1215d436dad902e196894530a2f0f5d123aac43c4e4082b283ad0bf3615c28864e2445840db9

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    1875d32ff9f0b4a31fb8b9146336ef30

    SHA1

    cf613643cf53b12ae0b939e1ae98ccd06df8a112

    SHA256

    6da2b246bee75ab95a29926a84214518981afa6e8b934822995583c6c0f23aa3

    SHA512

    5aa8f8be5c8c39073828119a7186c5a67e3fc93f92d1942de27478c199bba30350a721de3d172d8b7ca4336cc045afaf4c67b2f572f06485a28e541de5c6c962

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    114B

    MD5

    101c6df74174dc3a4f019d962221087e

    SHA1

    cf0a137b27800b360217482f6b40e5048e0f7762

    SHA256

    fc6b815899b5d424f8608c440a5d8d62c93cb170ab4d0d6d95de6800edd5f033

    SHA512

    a9a7b64f6da67ee1c88ceee5969f70f7a36201af7a42e3a27190446c0ca169bbd0cc60c4c976f95db4a9a78d7927f4ba9e4f9d40df85f1013ebaccb90b1a658d

    Download Submit

  • /data/user/0/com.tencent.mm/files/Tree.txt
    Filesize

    566B

    MD5

    aee444d3961121202e1baacdce9da380

    SHA1

    42bf47688b37a8e6a19b1e6a10d601b5663b7824

    SHA256

    247c3880e7c86dbb6dd60b9e129afba29e5a6fbebd8b99e88ac2f0eddec41c26

    SHA512

    82d1750d9a94704cf6739473bb4b76fff1d67f701bdccc9dd10a2b47e9d526eb5d557a4b1d3495bce6de557c134e465e69592b9fb8bcb729ca6dd9a8838394e5

    Download Submit

  • /data/user/0/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    854B

    MD5

    46bb4795fa6023f173e0ce5640d3fccb

    SHA1

    0b17fb860e0633bb52f7f49f9c31ba0587e81fcb

    SHA256

    a5d0df9905dc017b73f6064edb4801a4fd9fe4dfcdc6c9afb5c7276804fe4f89

    SHA512

    81ca1393a253c3213f6dd3933051b1d3d4f98b2fd48c9eff42190dfd5ea1e554ba16a867f4d3b8c4a575411428a84cf7ee9ecf5707cad7c82ee740552805baae

    Download Submit

  • /data/user/0/com.tencent.mm/files/pkinfo.txt
    Filesize

    10KB

    MD5

    df036b93426f886d1696210079b94938

    SHA1

    b593b3806d3d85257511959992013f6a4f543011

    SHA256

    6d9bb455edd9154e310a777aad0dde552ff995134e2321933a0365f9112c3912

    SHA512

    0d7eb6c0e5378a362a4bbebbc09f291080975c8ece8473d28c9cc9ec5b4a138f2fe19b09bc5d44cf17ec66a4f59dadb1de59ac8286cdc10a461e46491da01e29

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-09-16.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-09-16.txt
    Filesize

    267B

    MD5

    ca83936d0c0ffdb4a991046e32ccc956

    SHA1

    6d34827e6fd5b8f716cc5f7d7843b581713aeab3

    SHA256

    b50da55ec1fcb8d0589b49d5b3dfef915d77f3dbb24416bb1305441f81c507d2

    SHA512

    61bb1d4d033b0ddfa7ae802d5732c00af6db3aa5bcfbda0c60a0f12bd9fbbbd03123990c55d5abbd3d6e967471101b82e409f1620a73a3cf8c627452f61440d4

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-09-16.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit