Overview

overview

10

Static

static

6

f929ff8daa...18.apk

android-9-x86

10

f929ff8daa...18.apk

android-10-x64

10

f929ff8daa...18.apk

android-11-x64

10

Analysis

  • max time kernel
    14s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    26-09-2024 20:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f929ff8daa83c3a7e1b88a0fdc3ca02f_JaffaCakes118.apk

  • Size

    332KB

  • MD5

    f929ff8daa83c3a7e1b88a0fdc3ca02f

  • SHA1

    28d45decd671580e0857779e66fa0dd9cb10879d

  • SHA256

    0e15a3789e1a755e9727014f9462317a56a009329f78e3a628bafce077521504

  • SHA512

    ba278adc725754842bf3de4a12c2e07195e3b830fc136bc7acf7bc1539ce505d6abc506859eb75640c635be3448058727bc1a8d3c0f831663f4fb50d5669b989

  • SSDEEP

    6144:3zjDL18o0bHqzSxAHY5nZv7N7YmW2HgZWUmSZv7N7YmW2HgZWUm7:fd8odSxAHyvJY92AcMvJY92Ac7

Score
10/10
anubisbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

anubis

C2

http://slowtescil0.com

Signatures

  • Anubis banker

    Android banker that uses overlays.

    bankertrojaninfostealeranubis
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.nvsdctdzstq.qsvnhxcvex
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:4975

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

Suppress Application Icon

1
T1628.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

1
T1633

System Checks

1
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

1
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.nvsdctdzstq.qsvnhxcvex/app_files/iudtsjvgh.jar
    Filesize

    110KB

    MD5

    b0fa30054f2df95a0eb1168b42132795

    SHA1

    1ae43cce2ef57e83d3dbb7ce9a81112c2e21b0fd

    SHA256

    1aba810916525c21cf4143c34bf448dabe5bebbc5436d2a9d7bae38e14e3cc9b

    SHA512

    bc956e2e70a7f3ff5166cff2e1ea1183a7b13369c8d4e97746fc9de831bbf296c0e2c26725f581837ed72b44f1f7e23fd0962a0a5f8bd912a6cae857ef59dc63

    Download Submit

  • /data/user/0/com.nvsdctdzstq.qsvnhxcvex/app_files/iudtsjvgh.jar
    Filesize

    260KB

    MD5

    507088d6d59be16d5aa604b4ed361e93

    SHA1

    1acf1abff5f2e28510eceea3f568ec9d3966671d

    SHA256

    c7858e5b8f562c7ad3357ec4b7cdbf87387c94f1dfdcea8c9c4dc27b9f9ca78a

    SHA512

    34f833f18bd70b120b9158301f11052accf1bc0eeeb94ee292756833f58cdea6bebce1aaeb13185eb621887a632d7637e0aa87d20f6fd22a5e627d6048a93606

    Download Submit