Overview

overview

10

Static

static

6

com.tencent.mm.apk

android-11-x64

10

Resubmissions

25/01/2025, 07:51

250125-jp628svlfk 10

25/01/2025, 07:47

250125-jmnswasrby 6

25/01/2025, 07:40

250125-jhj9wsspdv 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    com.tencent.mm.apk

  • Size

    3.7MB

  • Sample

    250125-jhj9wsspdv

  • MD5

    e15906ac8b360aa6e7867fcbb2922089

  • SHA1

    53555056dd2af1933b911ac8adc81a2f438216c1

  • SHA256

    9eaabb6d9f532f9fa304a6826b269296d7ed7ebc404827eb99b3dec1f9bc2b89

  • SHA512

    d79083592e07fe78d3bfabe5989aab9e6eba61ee1632b724115e6170daaad84e9d58f42658aa2dabfa00fe6afa2c8c4b9390d924bde9c538dbddbb4a4a8157f2

  • SSDEEP

    98304:jPR8//FcLJcwHCxZei/svO7LgJQYlcqPTwWVKQ/9Nx:rRy/K1cwix9svOuGqPTp3x

Score
10/10
anubisandroidbankercollectioncredential_accessdefense_evasionevasionexecutioninfostealerpersistencetrojan

Malware Config

Extracted

Family

anubis

C2

http://Google.com

Targets

    • Target

      com.tencent.mm.apk

    • Size

      3.7MB

    • MD5

      e15906ac8b360aa6e7867fcbb2922089

    • SHA1

      53555056dd2af1933b911ac8adc81a2f438216c1

    • SHA256

      9eaabb6d9f532f9fa304a6826b269296d7ed7ebc404827eb99b3dec1f9bc2b89

    • SHA512

      d79083592e07fe78d3bfabe5989aab9e6eba61ee1632b724115e6170daaad84e9d58f42658aa2dabfa00fe6afa2c8c4b9390d924bde9c538dbddbb4a4a8157f2

    • SSDEEP

      98304:jPR8//FcLJcwHCxZei/svO7LgJQYlcqPTwWVKQ/9Nx:rRy/K1cwix9svOuGqPTp3x

    Score
    10/10
    anubisbankercollectioncredential_accessdefense_evasionevasionexecutioninfostealerpersistencetrojan

    • Anubis banker

      Android banker that uses overlays.

      bankertrojaninfostealeranubis

    • Anubis family

      anubis

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      defense_evasion

    • Requests enabling of the accessibility settings.

    • Listens for changes in the sensor environment (might be used to detect emulation)

      defense_evasion
    behavioral1

MITRE ATT&CK Mobile v15

Tasks