Resubmissions
25/01/2025, 07:51
250125-jp628svlfk  10  25/01/2025, 07:47
250125-jmnswasrby  6   25/01/2025, 07:40
250125-jhj9wsspdv  10

Analysis
- max time kernel: 38s
- max time network: 103s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 25/01/2025, 07:51
Static task: static1
Behavioral task: behavioral1
  Sample: com.tencent.mm.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: com.tencent.mm.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: com.tencent.mm.apk
  Resource: android-x64-arm64-20240624-en
General
- Target: com.tencent.mm.apk
- Size: 3.7MB
- MD5: e15906ac8b360aa6e7867fcbb2922089
- SHA1: 53555056dd2af1933b911ac8adc81a2f438216c1
- SHA256: 9eaabb6d9f532f9fa304a6826b269296d7ed7ebc404827eb99b3dec1f9bc2b89
- SHA512: d79083592e07fe78d3bfabe5989aab9e6eba61ee1632b724115e6170daaad84e9d58f42658aa2dabfa00fe6afa2c8c4b9390d924bde9c538dbddbb4a4a8157f2
- SSDEEP: 98304:jPR8//FcLJcwHCxZei/svO7LgJQYlcqPTwWVKQ/9Nx:rRy/K1cwix9svOuGqPTp3x

Malware Config
Extracted: anubis
http://Google.com
Signatures
- Anubis banker
  Android banker that uses overlays.
- Anubis family
- Loads dropped Dex/Jar (1 TTPs, 4 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/com.tencent.mm/app_mph_dex/classes.dex | 4451 | com.tencent.mm
  /data/user/0/com.tencent.mm/app_mph_dex/classes.dex | 4451 | com.tencent.mm
  /data/user/0/com.tencent.mm/app_mph_dex/classes.dex (deleted) | 4451 | com.tencent.mm
  /data/user/0/com.tencent.mm/app_mph_dex/classes.dex (deleted) | 4451 | com.tencent.mm
- Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description | ioc | Process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.tencent.mm
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.tencent.mm
- Acquires the wake lock (1 IoCs)
  description | ioc | Process
  Framework service call | android.os.IPowerManager.acquireWakeLock | com.tencent.mm
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.tencent.mm
- Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTPs, 1 IoCs)
  description | ioc | Process
  Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | com.tencent.mm
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  description | ioc | Process
  Framework API call | android.hardware.SensorManager.registerListener | com.tencent.mm
- Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description | ioc | Process
  Framework service call | android.app.job.IJobScheduler.schedule | com.tencent.mm
Processes
- com.tencent.mm (PID: 4451)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Requests disabling of battery optimizations (often used to enable hiding in the background)
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Downloads