Resubmissions

25/01/2025, 07:51 UTC

250125-jp628svlfk 10

25/01/2025, 07:47 UTC

250125-jmnswasrby 6

25/01/2025, 07:40 UTC

250125-jhj9wsspdv 10

General

  • Target

    com.tencent.mm.apk

  • Size

    3.7MB

  • Sample

    250125-jp628svlfk

  • MD5

    e15906ac8b360aa6e7867fcbb2922089

  • SHA1

    53555056dd2af1933b911ac8adc81a2f438216c1

  • SHA256

    9eaabb6d9f532f9fa304a6826b269296d7ed7ebc404827eb99b3dec1f9bc2b89

  • SHA512

    d79083592e07fe78d3bfabe5989aab9e6eba61ee1632b724115e6170daaad84e9d58f42658aa2dabfa00fe6afa2c8c4b9390d924bde9c538dbddbb4a4a8157f2

  • SSDEEP

    98304:jPR8//FcLJcwHCxZei/svO7LgJQYlcqPTwWVKQ/9Nx:rRy/K1cwix9svOuGqPTp3x

Malware Config

Extracted

Family

anubis

C2

http://Google.com

Targets

    • Anubis banker

      Android banker that uses overlays.

    • Anubis family

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its own removal.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15
