Analysis
-
max time kernel
140s -
max time network
148s -
platform
android_x64 -
resource
android-33-x64-arm64-20240624-en -
resource tags
android arch:arm64 arch:x64 image:android-33-x64-arm64-20240624-en locale:en-us os:android-13-x64 system -
submitted
03-12-2024 11:08
Static task
static1
Behavioral task
behavioral1
Sample
LIVE XNXX.apk
Resource
android-33-x64-arm64-20240624-en
General
-
Target
LIVE XNXX.apk
-
Size
6.0MB
-
MD5
df359f6914ef1280e5a5f8a9a84cb0ae
-
SHA1
111c767ab64194e26635959d7eb827ed71ac708c
-
SHA256
90cd410eaee0844f12da50dc58d48b9a28d8337b12930439d21cb946111bddbe
-
SHA512
84328b43dc7e1b622e7f1ccb62c710b66ff6d877ce95339f2ddcee8cf6758235c3ad8509aee103173f45bc003cbbc8a9c518c9f3951e170d05c83cb839453db9
-
SSDEEP
98304:NkJ9sl6k9guG4FH0ohxD7aUNKeA8Zmh7P0nN51zRbnNvPOFMBEmsenPKVZ0jv9ev:RK4JhhlUeA3hTKtndm8geiV+L9wXQY
Malware Config
Extracted
anubis
https://google.com
Signatures
-
Anubis banker
Android banker that uses overlays.
-
Anubis family
-
Otpstealer
Otpstealer is an Android SMS stealer that targets OTPs, first seen in February 2022.
-
Otpstealer family
-
Otpstealer payload 1 IoCs
resource yara_rule
behavioral1/files/fstream-1.dat family_otpstealer
-
pid Process
4371 com.tencent.mm
4371 com.tencent.mm
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process
/data/user/0/com.tencent.mm/app_mph_dex/classes.dex 4371 com.tencent.mm
/data/user/0/com.tencent.mm/app_mph_dex/classes.dex 4371 com.tencent.mm
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.tencent.mm
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
description ioc Process
Framework service call android.accounts.IAccountManager.getAccountsAsUser com.tencent.mm
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
description ioc Process
URI accessed for read content://com.android.contacts/data/phones com.tencent.mm
-
Reads the content of the calendar entry data. 1 TTPs 1 IoCs
description ioc Process
URI accessed for read content://com.android.calendar/events com.tencent.mm
-
Reads the content of the call log. 1 TTPs 1 IoCs
description ioc Process
URI accessed for read content://call_log/calls com.tencent.mm
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get the current cell location.
description ioc Process
Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.tencent.mm
-
Acquires the wake lock 1 IoCs
description ioc Process
Framework service call android.os.IPowerManager.acquireWakeLock com.tencent.mm
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process
Framework service call android.app.IActivityManager.setServiceForeground com.tencent.mm
-
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.tencent.mm
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.tencent.mm
-
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description ioc Process
Framework service call android.app.job.IJobScheduler.schedule com.tencent.mm
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description ioc Process
Framework API call javax.crypto.Cipher.doFinal com.tencent.mm
Processes
-
com.tencent.mm
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID: 4371
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime 1
Execution Guardrails 1
Geofencing 1
Foreground Persistence 1
Hide Artifacts 1
Suppress Application Icon 1
Input Injection 1
Discovery
Location Tracking 1
Software Discovery 1
Security Software Discovery 1
System Network Configuration Discovery 3
System Network Connections Discovery 1
Downloads
-
Filesize
8.2MB
MD5
859debaa37a0859f8789e11b20bfdc59
SHA1
d0d9ad661de67a099613008da690983b7c57b4ce
SHA256
4e064bcd5b074c2dd758a700feba317dba5521c091a5d3117e81fdd2ad419ef3
SHA512
ad6abab3465cb25e7baf297c6b042946fcca0ce0836e9f218c35e155919e0728be7c04c6bdc1f3a74a8249d00588aaf136eaafb5920b5b86cb98d46b3cd5336e
-
Filesize
813B
MD5
b9e419b77ca2c616f4276f54dad35aa1
SHA1
e2ca78cff142f0a18b654a396cc1804ad87b22b6
SHA256
ecfe46bc0f925605df463912fe13d3439c6896c8d06cf8e1383920b1dfd41ab3
SHA512
26ff45d2b2800a8f482a4af3f39230b571663fe05131535f9fcf5b6cb501fca640b249092356735c4d18ff1bba13741eb1f4b315925ea2ef143802ec289d5741
-
Filesize
32KB
MD5
b84ca221f49f56ff688fbd77b269875f
SHA1
2b99d98f4c58523b8c7adf4a2ebdac6a3bb3cde3
SHA256
7325ead2e503bb80d341c1796f7dd0851b5089511958f09fcb16dd2af8fce31f
SHA512
29860393d2a3a22706a41d286448d0eb10b7d70990f848b1bdbb6f359871dcb4503c4acf3363b8b5addf10ea0289a076085a81669e6ce97801214fd085001ec0
-
Filesize
512B
MD5
e676be078d7df9f450a343bf2170e109
SHA1
5cc1409240b8f0ae8eee5bd25b82f8b2e6108f7f
SHA256
0745680379494335849d75618265a23ae67b54d7ae9615a2abea7040c4337fb7
SHA512
aeb696d47525f55adb216cf7d34c18b59f75bf4cdb5a519d2f332e27e4828ba066dec6a33133e9b7b6fb42bbc9ed773314eaba05bf164b061380278aa4f1463f
-
Filesize
8KB
MD5
e420052d73c5d43bffcee6bbf3d978e9
SHA1
8a4fa7ec57f003edf376225e19a24693f3ff3a3c
SHA256
9f3378aa9c118b4354f21b4f522979cba68c7f846ea88abf807dab607608cf6e
SHA512
61b69a55b62743a4e28c982df5dcaef1dce5416fc8c8bfc0e6dee49d0fd539755545f654d31416b37e95452fdd112090a3c53253601c52a27b67ce2e1d72550f
-
Filesize
8KB
MD5
f6f2966f536ccb01fe594f8fa84dad7d
SHA1
e2e1a3a7cd6492f5f6fa86607eac0899dfd13cde
SHA256
b78411e20c473d450c7614e3e0ecd5c5c2e03f970f397329b28dc260ce3053b2
SHA512
e2af6113692de5ba1a916e5e172a7f55bf57e96b7dcf22f56f03a2467319db17a47a5cb7dbc38a9a5162094ab3a9f79deff1c2b4ac6dda81bf59f8d88bdd2f31
-
Filesize
8KB
MD5
375680d65a60aff3972f482c2353cbc5
SHA1
e356edc7620578472cf1f27716d565acbfb4a28f
SHA256
2b0dae85f78788c5b978a5c23b8514bca30b396afd5061daf753c13cc5f68dfd
SHA512
5efa459e39fd60895ec962de32b5853ab0ad7c5bacee34d090283062f8790033183d16c32c75a6cd9cbc7ebbe3ab6d96d303a9795f5e1246799ca488dec762ae
-
Filesize
8KB
MD5
7f9e74abffe0be7537ccd483b1aedd11
SHA1
97fa59bcead26e7d1ff355e451a3617166699fc9
SHA256
a6fe242a2d96d9595935381028cb7bf286d6e06fda49863bbbe54101a3780431
SHA512
fd72292e3b94967dde0666c1dbcacd7f02bdde35fb4ae0f06a3c16cb78b006296a0800ad82df8632b5c783a75829c01b73f29fbbb0aad8d7e5c827ff843b0222
-
Filesize
16KB
MD5
47d2fdbf4ffd4b9b8452b85e4094f30d
SHA1
5a364083a59d1228d6e58087e02b62872ce01566
SHA256
b1d7d55e2f577f68bd1258b84e9f0108c4759dab16639785e739fa3bff99e09f
SHA512
c46f4db5725eced1634dbdeec2ba175734637cb20b9b4fe2878ebf93c120abc1bf55f09e60bb7969026a82f07ca86742a5dfad039c90f114043e70584a998b90
-
Filesize
8KB
MD5
8123abbf1d3ec6a6304f99870f817ae1
SHA1
d8a8139b8beb1ae907178f3674a59340120ffa8d
SHA256
eed2161f43cc93b0a737f48efcbf3c0680e4519c5537061d30309d9d738e19a8
SHA512
a5290142e6a93d6003a76e2200076bc6aad90884d57fabe3b163a5ea926ccce40b4aad569cfd2fff31a0eb251b182199c7ae4504585c8bf5cee33e194c124e08
-
Filesize
512B
MD5
f39419ae577246107f2baff8a79e76bf
SHA1
fb242c7a20a68562de1b4390c5ba3733a75e7895
SHA256
9af937a9dafd12329f2adc6b0c534ec67340c7030142229a7304b9d864426a80
SHA512
aba54e6499d8f52978723ea392677de52b46ed13b137eb8028283dd3c2a8d4a3d688b608c0588e9632168111ea541e4e9e6ce79749cc1e600b7e2058556c8ee8
-
Filesize
8KB
MD5
ce4ecd5db437b423688550d188845b97
SHA1
dea61671689e3baf1a162f169478794fc645f5df
SHA256
39b770ce2d8af28a0d4e177d33c02a17651d30cb9270ccc05d39b288b871e91e
SHA512
8468bab2c0db55e6c8e4cc3b809e04282d9c37b3b743720f3c90b114199141d733564a4dec0e90644fa331f998f7307e751739cb0844135fb375e8bfe1576b76
-
Filesize
8KB
MD5
e2e981da6a2278ec35c90ea3d80ba959
SHA1
9b7e05c465ebfd1f2f49b83b82944215260e3243
SHA256
acfef64cefa3605e899bc2e9748231e1885fcd226680b74abf2b66bc22bfe3b1
SHA512
18cdbe424b545684c75ef576e940ca63772a2112aa00436216c196faaf51db962501d8789f43e9d8cab4993c8544d3a27d8954d609d0a1ed1e07607bebf5172a
-
Filesize
8KB
MD5
bb46c1f0c78b7aaa5d50a188cf22b7c3
SHA1
44858b908f8ffe9950d3a6c37af0f1c34c0c12d2
SHA256
1e13f9d1ff92eb0c384040db7ccf1fc2aad9e5b6e61df663cf12641adbc34724
SHA512
abe3b2e7f6a6e78fcf2387f3a52a00175b6a9e46065056ed0f9a922a9a647670db45665bbdf1bd7b2d0adaa1e665bec45af0efc07050108506b546d0a6241385
-
Filesize
8KB
MD5
f982d05f40c028b01e3d823943ae4b64
SHA1
948a4108aafd972dcef031ec2aaa716034d5f04a
SHA256
3a02eaa54f700134ecb1b33530beb959c13ee9ed166b6566bbae39995c09c9cf
SHA512
db15ca4eac2771fce2530c9a582d81004d12e8afecaca7a05b4b2d02343048840005c0ec83e07c3a2f35881f1b77964d9efdf1de8dd61ec77f3f20ae61121608
-
Filesize
3B
MD5
58e0494c51d30eb3494f7c9198986bb9
SHA1
cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d
SHA256
37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570
SHA512
b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4
-
Filesize
114B
MD5
e2ece0ca25db52278a46eaae04f69063
SHA1
b35645d8994b2a471ddac2a314bb4a68bbdf8290
SHA256
bae6fe2e456f3ad72fff3613b390f29841b7803fdf62cd4e10bb78aac3b0678d
SHA512
ff6703bc4659c36dceddf7447d12bffc3ae10742e621416b6a9105f9d1d51aa2f021857774421bb149a3c248be994f478be734b3f9703a48478ad2ae3750ec47
-
Filesize
114B
MD5
3596e69a0466eea7f83789a1ea19e58d
SHA1
e1d481b27a59c79b66188cdd1a627785450307bd
SHA256
9c495c66493ec997b31268038440032c04ce003c6b283b6bd6c530bd5a7b0a20
SHA512
382d16bbf398dd394cf57874d9e9650bc5941d4e489e12e4497db91a4157a5af1a8da50dbe0af196e918187433ed285babc212c1edb823b601a97e466428416e
-
Filesize
114B
MD5
a660ae6bee0875d44e33c81cbae8433b
SHA1
de04f94d529485fe5e1e72904fc951d5adac8e74
SHA256
f44f329db275a8df8f7aadbd6e7d2c87cf354988ecc94eefb5d92f2aa2feaeb6
SHA512
f6d6d73346f3b45d22afeb32c61b1c799a9d1035d5253b0743e3882e5cbf06b63090f737e7c7d78308d1dd9bf12bbf41f0f0c1cdef491d17c2962297530e67d6
-
Filesize
114B
MD5
a18bb4dff19184d519048ea7a518866a
SHA1
d7d1995c60be440b50af8ad2527e98c283409178
SHA256
f330f2bff38c8e362c5f81f06039b1af85f704342cbc5de69d5239014314fd18
SHA512
1c04f943e811ea588c8eaed12b30d589b1f46093407a336fea92ef8a5250749568b4326dc6ee6450ae23d5a7303936e57ae5ca2cc501c1005a179691569f719d
-
Filesize
114B
MD5
5b55ef4c2b16a825f89d14a4bfd21351
SHA1
6cea0c008ed64411a913a83db21f4b34368f4b6e
SHA256
f02f643caa6eb09d453f0490269790b0ade5fd3bd60b04996a9769f7f1ffbccc
SHA512
762eb83cc7ddd13342399b933be2e2162d247ffd816bdec3e8580e27790bca37c531cf3a47b3a25fd796dbee878e15c6faefc728a503672217e3c34deb417307
-
Filesize
114B
MD5
a3f7bc0e110567d34b330cd44673b9af
SHA1
0b1005ee2150a31af310aed3ae9657c0a2dea6b4
SHA256
10ec9f7ba423004156206e0eff83ca0d0b5defabc6837ef0f0d6f16244d71721
SHA512
66eb95c7890a669fc699d551924a6edfdf2e964d015853504425b40714dcdd9fcbc12c7afedc819a191c77f5ae659907200bfa78cc1364de67ac0fa14b9a8d6f
-
Filesize
566B
MD5
d3283754a28e5d0dbd7e8a903fd7632d
SHA1
33a06787aefb8add870fea6860c1fd7283e8a1d6
SHA256
cf9f0981e8743f41faa95a0780fedcb154d0d017112645b96cab8ee3695a534b
SHA512
e3f31cdf6e5d41c64c789cec50d5da94e172fb4390404a06b975f882c398f893f51d0e72d456109085e06ded2ed79e170eea1b98ec8076cabdf1f72283fe0784
-
Filesize
2B
MD5
d751713988987e9331980363e24189ce
SHA1
97d170e1550eee4afc0af065b78cda302a97674c
SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD5
8f651130f3346357b918a43d6854600c
SHA1
c139fe19d9ab5bf38ca3fef577c5744c94191c6e
SHA256
8114a51cc598075b98e01dc479b4e8ba0335663ef9761bf14b2aa0f7f463a16e
SHA512
2b203d22e7811ecb82f2f1bee6c121dbe2a5e86f307765efce7a943fa2f53d9a795153e31db7eea39e536717a5dc67b07a2e38dc299025057eeb8cc26aa2e743
-
Filesize
11KB
MD5
6c67d94a917ade34763ebcf52fb291a2
SHA1
bbaa4ca101fad9f7723aac9ac264ac93ea8debcf
SHA256
bc11e58a0aecd911956f5b73acbd16c0bb5b2936cf0507b15c21cdb4d6107fb3
SHA512
aa89ff8308b53a0fd19fd19fab5a5664def071d112d2469f38ff7293a65566a670aa06f4a6c9d92e8eb34aaa8ed523fab2b38a6acfee102b7e2051540630588a
-
Filesize
12B
MD5
a9256f55737b655c8cff95418411997c
SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574
-
Filesize
12B
MD5
e48057c3603c907cacbe1568a7dbfc41
SHA1
6e100086b53e20e499a9be069aa1b452faf82ba3
SHA256
4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e
SHA512
787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a
-
Filesize
490B
MD5
2928021c49d3d99ae1af37e7d077fb7b
SHA1
1470c143f91045bbac6c947dcbcb35a56424b1df
SHA256
359c872a72673431bb630c3d7fbfcf8f66011c1c5f2a48d32aa469912d72e123
SHA512
7bb6dccb4513bc5c45b6494df18f7d25afcc568a40bfdf3fa3aa66a3235d681275b398cf1f940a7805baffce93a1ffd3026b8314375594eb6a8a880b3a7997ef