Overview

overview

10

Static

static

6

_9.3(2).apk

android-11-x64

10

Analysis

  • max time kernel
    24s
  • max time network
    34s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    19/02/2025, 13:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    _9.3(2).apk

  • Size

    5.0MB

  • MD5

    83c59d47777e461a96524bf061bea1c1

  • SHA1

    7469fa705326be8a4f301ae2d01bf66ea8182111

  • SHA256

    3e791a4dc4f948d9d1eb69f8db76b77850bfd2d9d3e1bc4357115aea993ab027

  • SHA512

    e28f6b50d8f41f0f5228892bd112d1ded7948731f99551e72bd73649c55c5bfa773dc0d5d21f06dc7457ba3b7ed4a504f1a837171ab35281a18832d689c14bff

  • SSDEEP

    98304:Fb7BNg8ODj/V6y6gUCgyl7IfR7Ueo44MgKEr:5BN6j/QCUpyl6R/x1Er

Score
10/10
anubisbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutioninfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

anubis

C2

https://google.com

Signatures

  • Anubis banker

    Android banker that uses overlays.

    bankertrojaninfostealeranubis
  • Anubis family
    anubis
  • Removes its main activity from the application launcher 1 TTPs 3 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoverydefense_evasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    defense_evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Schedules tasks to execute at a specified time
    PID:4736

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    1854505a3f6d683ed7eb81612934370c

    SHA1

    4f710add9a652d2fb92b7ce45589e27bf03f0b2a

    SHA256

    8100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4

    SHA512

    104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    3f205393c89ab3fe6c7aacdd3ab6bd88

    SHA1

    bc40baa4b62278b21658378ed0cfe1fdf45af4b1

    SHA256

    a4bd4a24e22679c2967c2897c0974584e285219314b13897c8e3efc8c9e35da6

    SHA512

    7382d785e0bcce991dee8faa43915055d555e39a83f1b27f6e96c8d552e90cfd87cff9f4892403961a4aaead0eedbc16a7bf70a4bba7590022a13ef4524bae0b

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    777c40b661a2175172120f839b469d0d

    SHA1

    9ceacccb3b7eee460c24f14d8871a86a72956112

    SHA256

    078aa8708077c0a306f069269676df6017dc9ecb43f826bf59a2bcb632a2c3fd

    SHA512

    4d9e8b284d7bfeef69e1c6ceb38ac5d144ed2543c8374d5c7b1d35d1a9f6a82994d49b32e9091fd2b33c72d4300af3c1f8d5d5accdd2bc6a5aa647ea5d934b24

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    2c32d56b98b12d0d18a11cb9def530d8

    SHA1

    619001842aa5ecbe2c36a62852df4446b056ddae

    SHA256

    5f7c493c3c848681af68229502526ce24548ab31e109dde776802b15075b5efe

    SHA512

    192d8bf931b2848224c0d29c9f033a2779ed97303f907c0dd6d8f448e1dd7381ff583a254fbd98f1e0161533fd15b72a28d5b905cfc7ca88c93cf9c6b46c2f9f

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    4b048a47c428949550bbd8e61809e6e7

    SHA1

    d668a71a3fa3f5dcbe0c0afb5a960a90b754565d

    SHA256

    74637bff1660b394a673f36536e7bc0b9a74f1dae397869bd5b95d6cbeb3e2c9

    SHA512

    087e0709b54b664e9f058c23c7b079ba3a02014e2a0bd6795e6e56e770ad3dba15079e5fdb650eb23e3cc9ce185acfae86f4e01ad76a6c91b6c178a6ac9cd825

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    0cd306e62b88d885318383aa47e56bbd

    SHA1

    873eab45f86b15d5660cb02ae00caac5bb14e8d6

    SHA256

    a4cd2dd5238b3619ef8f8e9e06d92ca2ab7e6602f931d91588ca79b338f9bde1

    SHA512

    3b9426e86a07e08334a2156d21edf67093b95a282b924e711ad6b801289c4a10bcebc585c91d3092fbbbdef60e3afe241d0605f26bbb07429e42f2962422dff0

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    c6904b59f4480a5a468d37694cb2f494

    SHA1

    5b12679169f034ee0adf603742f2a47e6630c7f7

    SHA256

    3a27cbe69e41fd0e6a39d21dfdc735b1fc1c2a775a8bcccbb986e1a1d2bf9aaa

    SHA512

    cfd2b680eca9b948abe1579bbc1dae1c6cba2d430c8d202792ab066f96b75d5664c7e99d831f2cd0d21ea6245f40842c2bd326c8713f1bcbfe8a1e44c89aa1c2

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    e6c2e728f6a99f024751ecd41495eb9d

    SHA1

    2bfbd2e5e71ac89f97e81549b9a7233a8f034d31

    SHA256

    3d0823b80439ebd9589184aa3848aaa5acb870fa0f451d19c34a0cef12c9877f

    SHA512

    a77dece2f59f1a355d8d0ee84a24b97053660cf5df9b35e07ccc83e9a15124328ef679e5ed5e81a18d11b77f5f06975a79e5107179944a58f506f00da4621b75

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    7f71b4f0c01abf617bc23c415e94d90c

    SHA1

    ca54a568850c967059fbbc0405c2475d4ea8778e

    SHA256

    fdf0c24bc9f1c75e6c1dc97828323144c6624719ecd948a1d4d4e57fe98a7939

    SHA512

    5d2e4e8f85bfb270936230bdfe2f82b35f6151ae652bccd36b6e6a2bacf7a5830bccbdb30e55a96d1375ebb3bdcdac0b5e0facde96fc45cf1d20ca7cd3997995

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    2dad0942979f94cf8ead7db03a239d67

    SHA1

    c2c7182bbd5a3490ea7f7b2446f06ca4abdb3c61

    SHA256

    f9738710d7dd599c9f2fd184f93638c7ccc70b6e712edc329eb483989724dc76

    SHA512

    0537eac670976bb64daeb37af764d3f88a82834d9a1791914963830528a4934619bc6ba7012b04010dc57e274a95c26c32fdeafac2cac8a1c84e20d011768c9a

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    2096d82c92f1287bc34ce126245a6566

    SHA1

    9cb8db794dcdd39cf5c23337290d73e5b750f9b0

    SHA256

    c37d578f3915e4118777b7d47fc54c84f4b9fc40a8c81efbf72dd097acf943fb

    SHA512

    8f8364c4e455c5c78491dc8e772eb5f43e5e71501bab62d56806aea2ad43a18c87ae7dc581f29b51f057ad4aaebd0fadb974e0782a837e3e77fdc13dc3fc71cb

    Download Submit

  • /data/user/0/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    bcdc2761096da5c5c653ea3bf4fa184f

    SHA1

    abc9e950f10dd77ff9711ee4bf5a7ad600862fab

    SHA256

    fcc64cb48b0ab7de1ba418ffe630221b09622ae7aeb53c27d674162effff8bb0

    SHA512

    fe6d5f36871da512c15b216d5b093c734256b2c928b9a6c6fdf5225a158a02bc77b536c2491c0250849c6584175e2c22fc5363341dfae790c8e940b5a31df709

    Download Submit

  • /data/user/0/com.tencent.mm/files/Tree.txt
    Filesize

    566B

    MD5

    59a400f843ac75df13e2de7ccfbd2198

    SHA1

    c77dc1b53a6920880e9d67a011a3dde74277047e

    SHA256

    3705777818b9a94c8454aa1e57230746a87f35d78389d38186996786cae53852

    SHA512

    920952bcb02ac04b6595049b9d9170cc69a6758fa807fb16ea367ec2bb82bfcdf672d4af2e9e055e11be8dd065a4a36cb7ee30cdeeb8a32f853e667bc079d5f2

    Download Submit

  • /data/user/0/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/user/0/com.tencent.mm/files/arm/classes.dex
    Filesize

    7.8MB

    MD5

    7b9f4387e86a301679d14f8c9457bf88

    SHA1

    720a4d3347a064540f81f70abd46c7a85b016c07

    SHA256

    cbbf40a363b4895c0edb717da51d18aaf4ff5962e458e338982ebd9672f027cd

    SHA512

    3ca486a51f35dc44acf5278928c410522dc49746723a996d5f5e33bb3ab3c37d9f189a1caaf381f028411b7f2cae46ef39062b5a662ea5f4f53605b3cc0b37ed

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    854B

    MD5

    1a3d4349cecd632c41f07e6e194ca7a1

    SHA1

    698d9b19844c823fe6787f2758f95b9e1cfda4f6

    SHA256

    60b5ea526e1b6be84f0ad3452303a0f1236fb083a1d53082dedf40c5c04052d4

    SHA512

    1379a1a8b320fac6d332df6646faf88af5d305378b95e8cd3bc61cafaecdbd1dadd12146b963b30f6355de75e691b49c01215c18ce40617790840106988c0fe0

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    854B

    MD5

    8aadb1de8effdd08b77c2e2fca7ed466

    SHA1

    fd101a364bbe80e149da6b3098d2048d7bf3569c

    SHA256

    cee61c9e7a3b4003c3436145c03fad48d20dfada3ec4d2d420fed85d9a6b421c

    SHA512

    8a3ab0326ae0402342b81aac3fa0193a5d3129ec5a1964748048dde4153c0f3f6e61786defdc1348a9c8b6ff2a9d38bc9017d94c6ca50df1da380122e885ec65

    Download Submit

  • /data/user/0/com.tencent.mm/files/pkinfo.txt
    Filesize

    10KB

    MD5

    b4aecd951826db748407860bab45fec5

    SHA1

    28b46d28e8e014e20ca278aca37e4709d01be9ef

    SHA256

    d1cbf3cd94e6b9af37f944b942180d5baebcd9fa65cf99d16f9085b9e69d0967

    SHA512

    e26208bce39d79d8adc8c5c62cb776f2e4da1a8b57f551f3588d2a92d53125acae769cc36c8f0ed1718f4e4525aaa94ec7343aab0960debeb319c47672d8756e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-19.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-19.txt
    Filesize

    267B

    MD5

    e7cefa73230ce47fb8fa24f0cca5ad77

    SHA1

    e1bbf4e7493cef1596fa2bf349d9b24f1f088b58

    SHA256

    ce0a9dfeee5b7665e027294c5fa3150df314173925ece3866cc0fb380311665b

    SHA512

    9e4aeba1723fac66e5d61accd1e285b0a14cf45692aba768aac5fa0b7f7261f4636a8a822adc6135a7e38f55047554a2f0056d4a7da4742e5105353dab806b77

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-02-19.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit