Analysis
max time kernel: 24s
max time network: 152s
platform: android-11_x64
resource: android-x64-arm64-20240910-en
resource tags: arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240910-en locale:en-us os:android-11-x64 system
submitted: 03-10-2024 22:21
Static task: static1
Behavioral task: behavioral1
  Sample: dbccdff96a947a5a461a9c794db7bf1e704dc5371fd6a3cb0bbdb412d0854818.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: dbccdff96a947a5a461a9c794db7bf1e704dc5371fd6a3cb0bbdb412d0854818.apk
  Resource: android-x64-20240910-en
Behavioral task: behavioral3
  Sample: dbccdff96a947a5a461a9c794db7bf1e704dc5371fd6a3cb0bbdb412d0854818.apk
  Resource: android-x64-arm64-20240910-en
General
Target: dbccdff96a947a5a461a9c794db7bf1e704dc5371fd6a3cb0bbdb412d0854818.apk
Size: 4.8MB
MD5: d98de9f671d6aa0174ec3ea0e0bddfec
SHA1: 303e407a5b037edcfe39c56452c96064a0b48120
SHA256: dbccdff96a947a5a461a9c794db7bf1e704dc5371fd6a3cb0bbdb412d0854818
SHA512: 7e322b4acacb0997045842ca9222cbbde8ffda0bd5ac808a0ce975c5fe4c75e13b2deb33cc1f7887e70ed11c2e2697d725a1cccb200d3d0fa1b61adfa25f725b
SSDEEP: 98304:i+fYMQWkZNz2GKsglGc+vx0lTeHuCUXW+cs/Re6EDk:iGeFLppgcc+vKlTZGDs/Re6EDk
Malware Config
Extracted
Family: anubis
URL: https://google.com
Note: the only URL recovered from the configuration is a benign, high-traffic domain. Do not use it as a network indicator for this sample; the signatures and dropped-file hashes below are the actionable artifacts.
Signatures
Anubis banker
Android banker that uses overlays.
pid | Process
4602 | com.tencent.mm
4602 | com.tencent.mm

Loads dropped Dex/Jar (TTPs: 1, IoCs: 3)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.tencent.mm/app_mph_dex/classes.dex | 4602 | com.tencent.mm
/data/user/0/com.tencent.mm/app_mph_dex/classes.dex | 4602 | com.tencent.mm
/data/user/0/com.tencent.mm/app_mph_dex/classes.dex (deleted) | 4602 | com.tencent.mm
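The third IoC shows the dropped classes.dex unlinked after it was loaded, so a copy has to come from the sandbox's dropped-file artifacts or be captured on a device before deletion rather than pulled afterwards. Before spending time on such a copy it is worth checking that it is complete and unmodified: the DEX header carries its own file_size, an Adler-32 checksum over everything after the checksum field and a SHA-1 over everything after the signature field, and a truncated or patched dump fails those checks. The following Python is an added example written for this page, not code from the report or from the sample. The minimal DEX it builds is constructed in-code for the demonstration; `finalize_dex` shows what any tool that patches or repacks a DEX has to recompute, since ART's DEX verifier checks the Adler-32 when it opens the file.

```python
#!/usr/bin/env python3
"""Header integrity checks for a recovered Android DEX file (added example).

Layout of header_item (0x70 bytes, little endian):
  0x00 magic[8]      "dex\n035\0" (version digits vary: 035, 037, 038, 039, 040)
  0x08 checksum      Adler-32 over bytes [0x0C:]   (signature + rest of file)
  0x0C signature[20] SHA-1 over bytes [0x20:]      (everything after this field)
  0x20 file_size, 0x24 header_size (=0x70), 0x28 endian_tag (=0x12345678)
  0x2C 17 further uint32 section sizes/offsets (link .. data)
"""
import hashlib
import struct
import sys
import zlib

DEX_MAGIC_PREFIX = b"dex\n"
HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678


def verify_dex(blob: bytes) -> dict:
    """Return named header checks (True = passed) plus the DEX version string."""
    result = {"magic": False, "endian": False, "file_size": False,
              "checksum": False, "signature": False, "version": None}
    if len(blob) < HEADER_SIZE or not blob.startswith(DEX_MAGIC_PREFIX) or blob[7] != 0:
        return result
    result["magic"] = True
    result["version"] = blob[4:7].decode("ascii", "replace")
    (checksum,) = struct.unpack_from("<I", blob, 8)
    signature = blob[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", blob, 32)
    result["endian"] = endian_tag == ENDIAN_CONSTANT and header_size == HEADER_SIZE
    result["file_size"] = file_size == len(blob)          # truncated dumps fail here
    result["checksum"] = (zlib.adler32(blob[12:]) & 0xFFFFFFFF) == checksum
    result["signature"] = hashlib.sha1(blob[32:]).digest() == signature
    return result


def finalize_dex(blob: bytes) -> bytes:
    """Rewrite file_size, signature and checksum so the header is self-consistent."""
    buf = bytearray(blob)
    struct.pack_into("<I", buf, 32, len(buf))
    buf[12:32] = hashlib.sha1(bytes(buf[32:])).digest()           # signature first...
    struct.pack_into("<I", buf, 8, zlib.adler32(bytes(buf[12:])) & 0xFFFFFFFF)  # ...then checksum over it
    return bytes(buf)


def build_minimal_dex() -> bytes:
    """Construct the smallest well-formed DEX (header + map_list); demo input only, not from the sample."""
    map_list = struct.pack("<I", 2)
    map_list += struct.pack("<HHII", 0x0000, 0, 1, 0)            # TYPE_HEADER_ITEM at offset 0
    map_list += struct.pack("<HHII", 0x1000, 0, 1, HEADER_SIZE)  # TYPE_MAP_LIST right after the header
    sections = [0] * 17            # link_size .. data_off; every id/def table is empty
    sections[2] = HEADER_SIZE      # map_off
    sections[15] = len(map_list)   # data_size
    sections[16] = HEADER_SIZE     # data_off
    header = b"dex\n035\0" + bytes(4) + bytes(20)   # checksum and signature filled by finalize_dex
    header += struct.pack("<III", 0, HEADER_SIZE, ENDIAN_CONSTANT)
    header += struct.pack("<17I", *sections)
    return finalize_dex(header + map_list)


def fingerprint(blob: bytes) -> dict:
    """Digests in the form the Downloads table uses, for matching a recovered file against it."""
    return {name: hashlib.new(name, blob).hexdigest() for name in ("md5", "sha1", "sha256", "sha512")}


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_dex()
    for name, ok in verify_dex(data).items():
        print(f"{name:10s} {ok}")
    print("sha256", fingerprint(data)["sha256"])
```

Run it with the path of a recovered classes.dex as the only argument; with no argument it checks the constructed minimal DEX. A file that passes `magic` but fails `checksum` and `signature` has been modified or truncated after it was written by the dropper, which matters when deciding whether a decompiler's output can be trusted.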
Makes use of the framework's Accessibility service (TTPs: 4, IoCs: 3)
Retrieves information displayed on the phone screen using AccessibilityService.
description | ioc | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.tencent.mm
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.tencent.mm
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | com.tencent.mm

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (TTPs: 1)

Queries account information for other applications stored on the device (TTPs: 1, IoCs: 1)
Application may abuse the framework's APIs to collect account information stored on the device.
description | ioc | Process
Framework service call | android.accounts.IAccountManager.getAccountsAsUser | com.tencent.mm

Reads the contacts stored on the device (TTPs: 1, IoCs: 1)
description | ioc | Process
URI accessed for read | content://com.android.contacts/data/phones | com.tencent.mm

Reads the content of the calendar entry data (TTPs: 1, IoCs: 1)
description | ioc | Process
URI accessed for read | content://com.android.calendar/events | com.tencent.mm

Reads the content of the call log (TTPs: 1, IoCs: 1)
description | ioc | Process
URI accessed for read | content://call_log/calls | com.tencent.mm

Requests cell location (TTPs: 2, IoCs: 1)
Uses Android APIs to get the current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.tencent.mm

Acquires the wake lock (IoCs: 1)
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.tencent.mm

Makes use of the framework's foreground persistence service (TTPs: 1, IoCs: 1)
Application may abuse the framework's foreground service to continue running in the foreground.
description | ioc | Process
Framework service call | android.app.IActivityManager.setServiceForeground | com.tencent.mm

Queries information about the current Wi-Fi connection (TTPs: 1, IoCs: 1)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.tencent.mm

Reads information about phone network operator (TTPs: 1)

Requests disabling of battery optimizations (often used to enable hiding in the background) (TTPs: 1, IoCs: 1)
description | ioc | Process
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | com.tencent.mm

Listens for changes in the sensor environment (might be used to detect emulation) (TTPs: 1, IoCs: 1)
description | ioc | Process
Framework API call | android.hardware.SensorManager.registerListener | com.tencent.mm

Schedules tasks to execute at a specified time (TTPs: 1, IoCs: 1)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | com.tencent.mm
Processes
com.tencent.mm (PID 4602)
Note: com.tencent.mm is the package name used by Tencent's WeChat; in this run the process belongs to the analysed sample, which the Anubis banker signature matched, not to the legitimate app.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device
- Reads the content of the calendar entry data
- Reads the content of the call log
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests disabling of battery optimizations (often used to enable hiding in the background)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Schedules tasks to execute at a specified time
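Two of the behaviours listed for this process leave durable state on a device: an accepted REQUEST_IGNORE_BATTERY_OPTIMIZATIONS prompt puts the package on the user section of the doze whitelist, and an enabled accessibility service is recorded in the secure setting enabled_accessibility_services. The following Python is an added example for hunting that combination on a handset, not code from the report: it correlates the text printed by `adb shell pm list packages -3`, `adb shell dumpsys deviceidle whitelist` and `adb shell settings get secure enabled_accessibility_services` and lists third-party packages that are both doze-exempt and holders of an enabled accessibility service. The embedded outputs are constructed samples in the formats those commands print on Android 11 as assumed here (verify against the target device); every package name except com.tencent.mm is invented for the illustration.

```python
#!/usr/bin/env python3
"""Correlate adb dumps to find third-party apps that are doze-exempt AND run an
enabled accessibility service (added example; all sample output is constructed)."""
from typing import Dict, List, Set

# Constructed sample of `adb shell pm list packages -3` (user-installed packages only)
SAMPLE_THIRD_PARTY = """\
package:com.tencent.mm
package:com.example.notes
package:com.example.weather
"""

# Constructed sample of `adb shell dumpsys deviceidle whitelist`: <kind>,<package>,<uid>
# kind is system-excidle / system for platform entries and user for runtime grants
SAMPLE_DOZE_WHITELIST = """\
system-excidle,com.android.providers.downloads,10014
system,com.google.android.gms,10032
user,com.tencent.mm,10234
user,com.example.notes,10251
"""

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`
# (':'-separated flattened ComponentNames; the command prints "null" when empty)
SAMPLE_A11Y_SERVICES = ("com.tencent.mm/.AccessibilityHelper:"
                        "com.google.android.marvin.talkback/.TalkBackService")


def parse_third_party(text: str) -> Set[str]:
    """Package names from `pm list packages -3` output."""
    return {line[len("package:"):].strip()
            for line in text.splitlines() if line.startswith("package:")}


def parse_doze_whitelist(text: str) -> Dict[str, str]:
    """Map package -> whitelist kind; only 'user' entries come from the runtime prompt."""
    result: Dict[str, str] = {}
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) == 3 and parts[1]:
            result[parts[1]] = parts[0]
    return result


def parse_a11y_services(text: str) -> Set[str]:
    """Packages owning an enabled accessibility service (component = pkg/cls)."""
    return {comp.split("/", 1)[0] for comp in text.strip().split(":") if "/" in comp}


def triage(third_party: str, doze: str, a11y: str) -> List[dict]:
    """One row per third-party package with the flags it carries, most flags first."""
    user_apps = parse_third_party(third_party)
    doze_map = parse_doze_whitelist(doze)
    a11y_pkgs = parse_a11y_services(a11y)
    rows = []
    for pkg in sorted(user_apps):
        flags = []
        if doze_map.get(pkg) == "user":
            flags.append("doze_exempt_by_user")
        if pkg in a11y_pkgs:
            flags.append("accessibility_enabled")
        # both together is the profile this sample requests; flag it for manual review
        rows.append({"package": pkg, "flags": flags, "review": len(flags) == 2})
    rows.sort(key=lambda r: (-len(r["flags"]), r["package"]))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_THIRD_PARTY, SAMPLE_DOZE_WHITELIST, SAMPLE_A11Y_SERVICES):
        marker = "REVIEW" if row["review"] else "      "
        print(f"{marker} {row['package']:35s} {', '.join(row['flags']) or '-'}")
```

Feed the real command outputs in place of the constructed strings; restricting the result to `pm list packages -3` keeps preinstalled accessibility tools out of the list, which is why the TalkBack entry in the sample setting is not reported. Treat a hit as a lead rather than a verdict: legitimate automation and assistive apps also request both grants.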
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime: 1
- Execution Guardrails: 1
  - Geofencing: 1
- Foreground Persistence: 1
- Hide Artifacts: 3
  - Suppress Application Icon: 1
  - User Evasion: 2
- Input Injection: 1
Discovery
- Location Tracking: 1
- Software Discovery: 1
  - Security Software Discovery: 1
- System Network Configuration Discovery: 1
- System Network Connections Discovery: 1
Downloads
Filesize: 10.6MB
MD5: 302e71be0e6d47632c3769c72da585b7
SHA1: 124f1bb806acff41157abef543a838ff0ce53b07
SHA256: 66fbdef34021b43ecf328360a6e50ed2fd2fb6c2d568e15775027234649c1a6e
SHA512: 8743061a172d844b0d397930c17c4153df4a895cfe2845d58fea3fcde4ce66aa94d1ba1d5a0ae4859772b57b7fb4c777cfa4c2681c3309ceff450cec234ce7b1

Filesize: 32KB
MD5: 1854505a3f6d683ed7eb81612934370c
SHA1: 4f710add9a652d2fb92b7ce45589e27bf03f0b2a
SHA256: 8100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4
SHA512: 104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962

Filesize: 512B
MD5: cf4dc9f57bbb7228410ff04518a3dc06
SHA1: c96173306f548d0cc4afeb03087865b56ca8ba34
SHA256: a42de68b7763e9bb85c074041f93273c2fecfdf1cc44aa06b2634e7cd9c004aa
SHA512: e57a72f319483643cfa0bd43dab46e4297f3e9f18f4cc92a04b094422f6fba7fdac575c42efeb5c314ed26970ea43839a88e0a7bdd4a2028fe0c298485bb8a8e

Filesize: 8KB
MD5: 31becffe45ea24456c6cc4fcfc3aa146
SHA1: 4e6ad1b5c95d9573cacfbe971ea3856fe6b29d9a
SHA256: 0ffafa91d2220241ca961b8db72a15a5e5b184037e6adda2090aec5bbba9a0a3
SHA512: fabbe34966efb167dabc0509a0c0a07e5fa7fd9214353dc67df84464601b432ea569823c3eeb4f2fcb134171b2bdef0980a1856f2c54b0f0e7b82203d64978eb

Filesize: 8KB
MD5: 76b656361b3e3858c554b4bd880e668e
SHA1: 931a5c17c5c8d38293a2cbc03cde2db2cef120df
SHA256: 4405235291b37e02a05e3807074b3876dfa64f22412012f5e28280071a1c3a4c
SHA512: cefbba24f2354bc673256f5e1830a5860659be5afc43eb07813d7d2945de7b418c43a7491feb7df8a9ed63839b7d7004ff3b0104e0b8f3fbe525d6aa75e6e15e

Filesize: 8KB
MD5: e915040b9393220900cb88cc9ccf9738
SHA1: cbbdd1865ad1cffb00f57b5518619d644bc4c587
SHA256: 20a2f7e94a42fff6a76add682b6c6b25a9d295811fc0ea4f1fb01ffa81bea700
SHA512: 9dd08969d3ddf2fa4a5b2ca1b699c4fcd69b0c7630fae95bf045f5b759969607646f209b6981eef21c41436005cecdae223dab4688d1aea847fc4662dda85685

Filesize: 8KB
MD5: 611875af5a6fa10b2a68088d29d0e242
SHA1: 8abc26c3207a477c86f98b7bfbef1287d74992df
SHA256: 1524d75d96ad3cc854a6186568782468571cb52fb7c4b29520bbf8a58cf82ef7
SHA512: 38e4ee2bca9b125460096951cc8d2c1e01b7e10231164396a8811931fae41bec9d7b15a1684143a1ac44d7c179138f9da137dbf9f7a4f5d179d050623086e933

Filesize: 16KB
MD5: 4d9a215ca9aa1ba93bd088266aa20c14
SHA1: 8bcdaa7b91888a20465c767628885780b86c2585
SHA256: 91259f42077fb2bd67aae1e2b26c2038cf5c6fbc018c707ba13e329e16af5030
SHA512: ccb3e8e554c980d90ec741aef497273963a6e8658943d957c454bf170a7fcc38bfa048815187747dc087cfa194460a19457203967742842bd01d8b94bc25441b

Filesize: 512B
MD5: c8511192951be6d7c78ae5bbe57ac116
SHA1: b03960406c1d9ac1ae35ac4c4c776d07704d06ae
SHA256: 6035e8ce59b36a4f495eff62d3ad5905de4bc9ef1b770bf83d28c52e9dffcdbc
SHA512: 9a3b5af83784f313a64ec8bafa84a8d35a9be7a469348daf55e78a8a90a0b3ec793a26f9c6aea6477f578f14bec737be64dff0c3eb293c2f7e18d461b4d8df5c

Filesize: 8KB
MD5: b6bde6e6669dcad2d19ccbd933736e7a
SHA1: bf9c89f6da2e4356759663827bbf7364f0c87c0a
SHA256: 4669b7ef40b6f7a931f5ce59c033da995a2c106cfab9ab221396e2e3279d595b
SHA512: b7ed0a8ea30fa5b74ce38b2e8e5f1b8ab118ff17c6fcb9b22293991a95a42f9efc3dc2f9268ee06d0dcba734067a830d25edd5d0d9aedbca2a823bdb886b02b7

Filesize: 8KB
MD5: 516b0a372553d6be65d56ea850974417
SHA1: d61b73186b4aa6be8597ba73f2bce75033504d1c
SHA256: 2fd0ba4105a53fe463ac2af2e2eb2535176733264b582a2b65d0beb51bdbf35f
SHA512: 858e68652cf7fa11e2319b2df2d4517db301bb743992cc2a5b6c056ff85862b2735557a1a5e932f4b536e8d5f6ca8a602e9bce5c606ca52312bcf9ae4452959f

Filesize: 8KB
MD5: 3341838131348481dd970acd77f0620d
SHA1: 41b1a8067f3f7f7b505181ecfb5eb9d84c7acd88
SHA256: 4435274f79342d26b351ae72fe126429f041ecf1563fc52ba1c1e3d068182f0e
SHA512: 0e2b0b543b2ec5b3ba00b2c852c92feb4ad63125d09280a5bc74cc55572ffbc05ddd9ea6e6a696ef0825edaa98c24b3fe5ea16ebbad98ab2f0e4b765f568c5fd

Filesize: 3B
MD5: 58e0494c51d30eb3494f7c9198986bb9
SHA1: cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d
SHA256: 37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570
SHA512: b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

Filesize: 108B
MD5: 52199360b11ad01830ae692c1a46851e
SHA1: 0b6fac9f66494e5b9a88811e06e0a38af988d3c0
SHA256: aa79df49f1226bd26f99773ff08c8646a167be5e83387fed2e01d3b4ca4da127
SHA512: 8748fcf30ba708cae43daad3fa487053d4871014dd2a78a44f51e8378b713448de9af14c8720c2a13b6292164577cf53018aa8031011c7eb037bf149018bd803

Filesize: 566B
MD5: aa90fcb432b2e3aa64acee9e5a723e77
SHA1: ff7f5385a4ff8413b04c7164f963737a4ff73284
SHA256: 34f6a353f875915d8f484b07bcbaee5993dd97db17b6e0e256e772510a595754
SHA512: a3ee3849dd51fc57bb8ad072a1bf29b00d5527969cf43f4f62f19fbd3fb4ab9fce7821d26aaeffefb3eac0a0267200c89d7a4f278eb23bab1ecd4e38601463a6

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 854B
MD5: bf5d1d96fddb62082dd3a0716f95e15a
SHA1: 5684ea97e9539f8c839bcaa408090290c855e16a
SHA256: fded06f0f28d8d55a0c991fda19e68e089957e830bda0b38db4998ec402e5ba0
SHA512: 28eca4a73a44a90a2a4d42a1e83b903338f4eddace11de1a9f927d35629ed3c833a98066139bc9c17d799dc62c02f9b4653d6c0c7c85eb871ce66298b967b901

Filesize: 10KB
MD5: df036b93426f886d1696210079b94938
SHA1: b593b3806d3d85257511959992013f6a4f543011
SHA256: 6d9bb455edd9154e310a777aad0dde552ff995134e2321933a0365f9112c3912
SHA512: 0d7eb6c0e5378a362a4bbebbc09f291080975c8ece8473d28c9cc9ec5b4a138f2fe19b09bc5d44cf17ec66a4f59dadb1de59ac8286cdc10a461e46491da01e29

Filesize: 12B
MD5: e48057c3603c907cacbe1568a7dbfc41
SHA1: 6e100086b53e20e499a9be069aa1b452faf82ba3
SHA256: 4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e
SHA512: 787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

Filesize: 267B
MD5: d2126d9fc9e1ee250e0272ee7d6775b4
SHA1: be81c76cb8c8cb20879582a38be90827feedcbee
SHA256: dc91ac84aa21024b24a9133c035f36c9d39497738cfdf067155c45b293dc8942
SHA512: 3afa1210834d864df0fe48de8734f806c13b61c31824318377313c9bd69c84321fc0671c1ca29cf3b5971423c6457a50f9e80f4e008bcdd76c4ff73535aa5e70

Filesize: 12B
MD5: a9256f55737b655c8cff95418411997c
SHA1: d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
SHA256: bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
SHA512: 10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574