Analysis
-
max time kernel
36s -
max time network
155s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
-
submitted
17-12-2024 14:18
General
-
Target
591dbaf5a32736acb502fe6a554ac6d1.apk
-
Size
4.6MB
-
MD5
591dbaf5a32736acb502fe6a554ac6d1
-
SHA1
15f4870f5c6868f03376078b3ea6098570fa5da1
-
SHA256
9e959b268a3b527a0b6b7ea7fc2009d0f025b40365d297d3128bff0c2034e61a
-
SHA512
ccc753b7426454adec1fcb1ddd3b0746aa301716867d9b33db2ca4b14b01134b9736ba0a1525f9c007886ce8d4484d219f51ab02e2ca70e5bba0d35695f705ee
-
SSDEEP
98304:9cLjFd76qLgcqujgbCmfA0ONiVlASXIB671nCl4wWZJn/lWGJy+:0v7XtpjTmfAFmlA7m1nClde/lWz+
Malware Config
Extracted
anubis
https://google.com
Signatures
-
Anubis banker
Android banker that uses overlays.
-
Anubis family
-
Removes its main activity from the application launcher 1 TTPs 3 IoCs
-
Loads dropped Dex/Jar 1 TTPs 4 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
-
Reads the content of the calendar entry data. 1 TTPs 1 IoCs
-
Reads the content of the call log. 1 TTPs 1 IoCs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
com.tencent.mm1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Input Injection
1Discovery
Location Tracking
1Software Discovery
1Security Software Discovery
1System Network Connections Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
32KB
MD50ec8d5e24581e56eb01c45155efe2049
SHA14de2aebc5e22d0420e54cb553c2739e50481e50a
SHA2565bb1fd7e82a28019975971aae5f49b0eb2ddef4a943663b654ede402d2f7f616
SHA51223f87b81f1b49b80a88b1eab7d5e08e7001486b135bedc434601eed4ab74b72804ae4f907ede18213454dfa9da7058692b012861170306adbe6b12650dd51fd4
-
Filesize
512B
MD5bf024eede41d9f14dd47d992dc4e6fe7
SHA1965627252b8077bec9ea4380930f3b06d2e7dc35
SHA256ac58928199417e1c01dec69c9fdb54888e9822cf99e7e7e2792be77fe6a8bcc8
SHA512924d95ea9d1ce4b5d90998d45fc94e3c30b6792abbaef7e8fa74504676319c13b5dbb7d84904add9f070ff3d25ba7c40674ddb31b3146623662ceef8fcc2facd
-
Filesize
8KB
MD504b3b4badf0f82fda2d614e121cac12e
SHA1eb798442906daac6b1ff6078ed2066774164b069
SHA256e786460b3534d711b8e93b01f22917cc3168d9a5b3b20ec5b8e37f8cfc1eff9a
SHA512e52f4357a820a3165237cc1869a3a201201e9b67f3bea21b7b8fadf14901932c0c5e7f4bc64f0105f33d31282a8137062f2c2dd50ab7b9b6f593f4a7c6865e05
-
Filesize
8KB
MD5062fa2e081bc3e68230023988582e982
SHA166b525703e060da3770dac3725bc28d5d265c4b6
SHA256f3b7d42433c9d7f6330e9115dbf26ff8806c9f227712cccc428591a5357f5d55
SHA5123ecde18f82d2daab6a526e16bd6a1b159fb35bc591a2f5795197f282480e6c68ff035a2f943c3409bc3b4c7a9bd861cf2cb8e381818b8773c996a19d76c9de6d
-
Filesize
8KB
MD52cba51cf9909138bda7c477adc8e2a50
SHA17d8fb9ed373638f76b63ef2ecb2a5583f05203e0
SHA25620ad4a0975d73b339eaaae8e33fc53b37fee7dd4b3f2df2c753362ac6fefba27
SHA512b271611b87cea6c05f6b0581d30ce3c48b744f523510b32d600a8e521360912826230e4254e01def6c81546c8662354e110a31b00ae764956b0dde1f9919af3f
-
Filesize
8KB
MD55f068e41c9201374ae2c59f3b5706798
SHA1938b2bd13113ee99be85de43105ad008e4fff968
SHA2564e9b1ac7e28078869b46b85740026ffc6101838ba2cc155bd27c87a1fe6f5a3a
SHA5129fbf62bcede7fa1b494e3cf7699a7f925f92dbf3c708f10df8673e2d170195d23505d101c9d4ed6bde5243b27475c4f7b967efd74662f4a80b5c490cc94c877c
-
Filesize
16KB
MD50585f6373ef5285c70d5971fd64554f0
SHA196815b45be9b2d099f7affd9be93567b8c653cc5
SHA2560f54c6bad1b866605da6367857272fc2a569a8c0069700c912543f2cb09156e0
SHA5122b5d9a8bf1afc7578bce5a3960615b3f9930721b6a00920221c257d21826a0439afe6a45190e64ed83479716aa324b0acbb4951cc494cea9b2bb82a8d1b532f1
-
Filesize
8KB
MD576c52db17faf7c0d869b14b3fd08fa39
SHA1a9c064052c5221cb662ab879b10fc010b667497c
SHA256a706fdc67f9d1adef6e66d40b9b54a1e12d9dc214e5ddd64748606afdd856b0d
SHA512afe4cdafdb9c2e39d6edac9a8612e60451780695b871bd5650eb771a6d6d605112ea2ab5a12b24b7736c75eed442684afeecd7b36ada98fd48bc9a0ca57172e5
-
Filesize
8KB
MD536f1ff9ac9062565c4292916ba38223e
SHA1220717834c2b551cf168a9c8405a4c46b6c51c4e
SHA25622121f43f7980454e78de40cf62aac2057fa2017e06e01d163989e46cc4b31d4
SHA5123e85da63113f68357a71ecac4d35e57eb881b50f864f3ef1e7e7138d16b852b4e46e9d12037f7e879a6de77050a092ca98d2adec468173225359b2bbbdce5cee
-
Filesize
512B
MD562752e0f5383af14663ac0f1611cf1e1
SHA1ce9a7ac23e2e819a05f02845d71f3804da05bb05
SHA2561393e924f0fa57e77851e243e6fb4d9b897310b626230a3751ca0391bf1785e7
SHA5127238daa0aeff6483d9ad298d85d34f66bd6c81588c38c52c6c4277177f420e347d1e96a90912170ba58ae76a5f933fd60194b03f4c1d6084a218a8db893bba0c
-
Filesize
8KB
MD5ccd99d3401555e83cdb9937559d48a99
SHA1d0b0bc5a1a4af337dbd5a2f8128d69e7e81e70b3
SHA2562e3949ff93d52bc97e6d5d37da88beb180a94c3b48ccf1416b9eeabcc2ca3910
SHA5120245fb9f4bfa81845e3d25cf4b3e84798025b917451102bd52b78727f1ffe7851c7099134f1edec1a747a6b0bbf838a5c529c18243b106f9061db74b85ecd789
-
Filesize
8KB
MD50a1dee6797f2af85213290660c514f64
SHA1fb2a5c4d26f6a81e497e1fc37ba647b4840fd115
SHA256343ab12955fe2ca92ed72cfd4b7120a626b7995cf5f5c087a76397ffa53c9096
SHA512c2705a93a60e290042de5667b6483b0d884d56f6cd19e9ff93eb2a0af58b90dafb029c8dadbabf07ac013a85179a028f35ce912af2b687015e3cd6d9e2c2b067
-
Filesize
8KB
MD5069f2619a0b119fa9df7858d29e5b8a2
SHA1751742d406fd9196788c707773ec9475d4433271
SHA25658b85a880dc0c9bcd3de1264f664eb2f27bc013dfc3fc3a2a7e91c3219d8b6b3
SHA5121a087395917df4bad9598210c6af6a0d00c34be50fdee67bfd1e4a1f1b3b34aa67bf5f7fb92ee1aa85fde86e6bd8c6e75d3ea224ab20e18535a0e25d9f728c1c
-
Filesize
3B
MD558e0494c51d30eb3494f7c9198986bb9
SHA1cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d
SHA25637517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570
SHA512b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4
-
Filesize
108B
MD5ed26d14affc3dac86955a996abe0dbd0
SHA10c1864730e9cecc3f9730d3f07e695c93fe70a5c
SHA256fbbef8b5b0e76a2050af638b9ad840a5cf4f388704048927dd240e9c0b1b0bf6
SHA512502a6195865df9a33e0be05beaf204951529eaa1fa951476c7f5e7438bac0be5273761b061a61fb79eeb947991de95a10e809314a7d15219c63da28c221301df
-
Filesize
126B
MD5036b1277e131730fadb8fcca4d45147a
SHA104dd82970f50fe5997b6efa8d25f2fc43b3b50d5
SHA2564bae5e03489112af76ea8cf31d08e913f67e5687aad0d1cda5caed8530916671
SHA5121e4585a87a4aa9ea15003a77ebcd8a24eecaa3ac86e0327f9221f1b3b151a6500a58fb5741e0803c46fc0aa8bd69b570d367c2e97794a9f6646c74f3b92c6860
-
Filesize
108B
MD59337c842e7a1d7c734c0af48cefc05aa
SHA1e6d52a6a5fb9fbb871c9a25bf27ce5ff49bb3c89
SHA25629928560996bf53c8f7f2b14c34095f264758431b05e253931e2befedda168b4
SHA51236f08d11549e6aea7f6a57db1fe9fddd0e6710907c8b5a20f78f96ff351fc67e8f72ad7a37648b23ecd041d4e68ca388c35b105af0f6defa954ba0db77d7f58a
-
Filesize
136B
MD5eb2bc5bbfd9fbd6f3363013d58f1cc49
SHA10cdfa2311c7d66de9dc5a2b613f349ec5aa0a884
SHA2562776879affe7ac64f1c5cc492a8951fac5af1f4f8b2d2316f90e5c8e87da85dc
SHA512fc86be9e68e149765926e0d97e2b245264a4a22a3146fbbd6df64b6f186408c2ad13218ae1fae14f2d5274b7299add355339699d9c6627b488670eff3660b656
-
Filesize
126B
MD54bd29e7cf29cb214992fc3f828933f20
SHA1b738f87df7c5f8be841eef9ce81b426d134497f8
SHA256f2891b41c4c619803854322e6493b0fef89c355efacf69dec94205e3da0b1e15
SHA51272e0b079337006a5f37916f74540b5ccb46f2cc952efe45f540996e0298e5d16d85a5851850c70ac77884c914a2de1c74c06f6c6ae5ed8d4b3b89ab91863fcb9
-
Filesize
351B
MD550e66a5b2212448f10cb9b20d7f3013a
SHA183f8e0adb8fb01888bca44a0ea7f0737fe8450a8
SHA2562cd863398beb3f5aef378053bb3ded376ec4c584a4b54fc5266b03ceeddb5e0c
SHA512a02dfc5f9308f112b21ea10b16bda50e52d9a9bbc21feba6ab90003dc2211a4d19f80b3ccfbf4a2d3cd41c896969297fb304631d0a1088819a40333eca2dcf6b
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
4.0MB
MD5f549ee64871697a369a473ef5673d3de
SHA1ff3b52841b34b603943f03282011901145aa7610
SHA256d1afc8c2f139a22d735ecea2ca1f4838bfe8fb291df7c9fc02d656c6594b0de7
SHA5123525841d8ed56170c3b983492569795ba0863a09d09947d28b2fde4b3e011c7c52a3a6f7cf3c3fc7f61b9cf1638dfbaa2cd9d6244503d55498dbe23e1698993d
-
Filesize
7.0MB
MD5dcb839b260728ede93282e30af0d4bb1
SHA1bd43c36a8f428834ba015b9ecd196c57a5392c2e
SHA256d3a7a28c6fd1e21dcf0b77e851a0e5ba55ab50231907e914f2c9ba081a5f49f8
SHA512aa13b235f1c989db2821fab9d8821213840592dea86bb30e7ab6f534353fb6e4934fa44ee82938a5ed1a143ee0a1fec57dffc0cff53f00e37831bb225981b813
-
Filesize
827B
MD57c7e619d6fb16d9bcd8b2f44acd300a7
SHA181c645feb54a88d05001ecce5487792917fc7b98
SHA2566eb5630a1cd70dc7efe000d41a27db41d2541b30674f701c290639ab19e34f0b
SHA512139a48e169ce6afa52ea29efbd1571a2c34a41331a0fb898aadd7d94eeb9f08a504d2cb04ce421848668d03e66d31939316cc9674836cba8b0d6e53171d24f81
-
Filesize
827B
MD58c888fd28233d6c3b09546a4275ede63
SHA17dbc6f7b2af7da6d1543fd229d380450a6a7f954
SHA256f02184bfcf1e0cf1c2310a51a26e1224a99adfee089759602799ca63bbc9a110
SHA5124efd07fcab5e9d1b7e3534cb44e66862dd33beb8f9789aaf1de938bdf20d30795bd16ba8002c3760e84f97be7a66f971d4709a1f5c9d9dc44dfe6a2b8300ead4
-
Filesize
9KB
MD523ff08fc46b9bff7eccc11320444b9ce
SHA1fadd8afca8a72f47eb62e6e880ceef843c43373f
SHA2567e1456c24bdc778a2638c57e962dfc41c864e7778cf52a0df92118911928f757
SHA5126f3b0ed0c5e28df4cb68e5d2d41f747d7e6bff7c9184a8f0feafb169a31c1e862e9c26893c34f136a1f8678d67687a5aff4487cc54a38924ce90194ef41de604
-
Filesize
12B
MD5e48057c3603c907cacbe1568a7dbfc41
SHA16e100086b53e20e499a9be069aa1b452faf82ba3
SHA2564b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e
SHA512787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a
-
Filesize
267B
MD5ca83936d0c0ffdb4a991046e32ccc956
SHA16d34827e6fd5b8f716cc5f7d7843b581713aeab3
SHA256b50da55ec1fcb8d0589b49d5b3dfef915d77f3dbb24416bb1305441f81c507d2
SHA51261bb1d4d033b0ddfa7ae802d5732c00af6db3aa5bcfbda0c60a0f12bd9fbbbd03123990c55d5abbd3d6e967471101b82e409f1620a73a3cf8c627452f61440d4
-
Filesize
12B
MD5a9256f55737b655c8cff95418411997c
SHA1d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
SHA256bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
SHA51210d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574