Overview

overview

10

Static

static

6

_9.3(2).apk

android-11-x64

10

Analysis

  • max time kernel
    22s
  • max time network
    121s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    06/03/2025, 08:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    _9.3(2).apk

  • Size

    4.9MB

  • MD5

    aeea87cc55094fb9f5d4d5bd2e91351c

  • SHA1

    7134e13600819dd66d03b9a49b84ce0b31ca65aa

  • SHA256

    a7fc181b0d8626c3f6eaa0ae99520f2d3fb2d47543692d83fd9fc92906d76c7b

  • SHA512

    09579970211fea258f3851036b1ac959663e3738ea3f44136d4b86bc61051cb99b2a7d4897056f6508be6c5a186b1ca7b5f8aec8d741426c43523e1f91d7a651

  • SSDEEP

    98304:2N2grLR74A4nGkiQnT8bEo1um+z2BNS55pS:G2u8FnGkYbx+z+S55pS

Score
10/10
anubisbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutioninfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

anubis

C2

https://google.com

Signatures

  • Anubis banker

    Android banker that uses overlays.

    bankertrojaninfostealeranubis
  • Anubis family
    anubis
  • Removes its main activity from the application launcher 1 TTPs 3 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoverydefense_evasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    defense_evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Schedules tasks to execute at a specified time
    PID:4788

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml
    Filesize

    7.8MB

    MD5

    62823ae8e9a6826a4f8e2a33f28e32c7

    SHA1

    7f6660fd1fcbc74c7961b9d528f97e0accd6eb0b

    SHA256

    2bd6501deca13a36f2b1617f1c56617fdc896db0983d0ba916539f6041d32e25

    SHA512

    7bfc6e31c3f9473c823bada50fc97a7510701ee28060948b26d0780b692bc5bd5c5a2b4ee9b9992ec74d459eb197f400856d91a9c3a9d7fb2a083966c4c4322d

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    1854505a3f6d683ed7eb81612934370c

    SHA1

    4f710add9a652d2fb92b7ce45589e27bf03f0b2a

    SHA256

    8100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4

    SHA512

    104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    a4eedbbe2c990a7416663a5bc56e198b

    SHA1

    8620a930c6efbcf96ab710f714e6d002e144199b

    SHA256

    b03dfe5990abbe92cb58c7df1050c9bcdab68b9b087975ceaf696ae195222b08

    SHA512

    9d424183711cc729d3506f5a5fea2e0e6aa370ff568c60e056219a20898ebdd9a7bb2f523a71721b3f3ab52d8737ea0b8f11ebccf4d5fb9405fa811502257f1f

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    f6d822ab28fe4bf478b92feecba5c823

    SHA1

    b69ac792e9efc470b6f847ca1ab7bbb25d4dd688

    SHA256

    45b623142006b08c5c95d3b5495b02109fd38dcf2179f43c00058519d1a1a47e

    SHA512

    a2dbe5aef657b89d7d99f48845b04e1e653afe4b5d0c1f98627ecf009a21c32c7802311fd00ce10fd3ea3065e7accce637b7c3f7bc90b38607fb25bef432e9ef

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    6e8d9bf576f49a00bf8023c3a51ab2a3

    SHA1

    c96accc57612e0e97d67cf8995f0d18b1d713e7b

    SHA256

    42e247c3596e22e47136a77de109ebc9c80fc8c8cf7a1c92f32eb7ace6d3b750

    SHA512

    302e4cba806f7e2bbf045ba87c45a471319f1073e777b8c22f6aebad577bf60a2e4ecc5f91f54d5a89e446d17a5e89dfa46c1132c4e63fb7edde7db7e575b97d

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    43ccbfa63620ae4bf83524196f33d0c4

    SHA1

    c58e79ffbd0622d101bed9d32486faf82556c401

    SHA256

    73e71f9c1844ad2528dfbc3242891afb52cd166dfb4d7b1359317948826325f5

    SHA512

    81ad4c840777b110d4f2958a87d08e5ccdd3719d094d4c5ad8ba7e17ca44def562940c375906d5c4bb0dcf79e7da9b7cb868d4efe165a71b7913e721ce7b3b24

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    20db31008bfa6441d1e52b78371b710a

    SHA1

    f33ae429b5e40886d853939723e9a334905be594

    SHA256

    a91f54b86fa483e097d709ee80091968ee81964bd81b40f70623849992b1ad92

    SHA512

    8fd8b92d493e85b57bbc1ee60510b8b99149d98d32e35a4db2b9a29b1b8e83bb523857f197e7e7bc0db3004244f1874ad7cd34f03735d870e44acca9f795bc77

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    9a0c54ca1efc028508781489b6120a74

    SHA1

    ee693f1f2d2f88041ddc22ea53f0acf2effbf503

    SHA256

    b9bb8ca379321100b988904e3d01a7651e146b9ba783196a3eb07e21be3aaa88

    SHA512

    b37ea4ae3d85b0157b30bb99e7c00a55eb81b458dcdec991244e68822179391d2189823cc84e41bff27170d8a65a80726123e5bbcfccfe2653ac9e5bf4a4cf9e

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    24a28488a76dbf82634cbc3675813b96

    SHA1

    92f025bbd5bffc7775a0277df5ff248907277808

    SHA256

    efd55f4fdd82d11556cf2ab6a66e813145a8ce783d14f7e39b2df9395a808a2a

    SHA512

    c3c0852926b854be1bf622cc1feb664fffe0d630a9ec1db8c37637b25451d045ea6a5b91914644f57a337a2740171d536b09ef5193e9ac6bfe5b9258c704f22a

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    79a1d07958cf926f5e1f9c67eae23495

    SHA1

    d1be823b5f0b9a65ba9b1bff62ca79506e9c469f

    SHA256

    f82feeaf97ccd101a0fbefe263d1a1a8b5ab8cc79854567ba66a6c1f8c2c4a6a

    SHA512

    76f03cdd7ca2bcbe52ceda60d1751a5a93ff523846e43ea63ab6b1e5bb64c3c5d9fd2864ba7361f9f3d9dc9983b5a9a1c5fca436730d6379c765edd26f93488c

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    1ddfde8583deed4ac791d6615db020d3

    SHA1

    91679c78960ac0e4d40d40981abdc669c512243e

    SHA256

    d2367df09573cd4ded46bae675d70b3ebbd81c25b85bed6d4a7316dc39b628a2

    SHA512

    ac8ef355599f78d0d0a13cd4c62123b858680471f3b272093f49dd661f69af1512f1ab34a1e80825a68a9ebf3474edb5100cdce6fd02b7a9c2a84150ca7ca936

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    0cf2dc56e92f3da5641c4f5f2e018fae

    SHA1

    7229cad5e782c6e9059fbd7d4ec25ccb165cf13a

    SHA256

    57683cb0e502f3afbbe82b89bc2a0b57759f5c3bd2b53341e0ba67132c9e7cb2

    SHA512

    028ad4c2578010282b3b565538c82ad3189a1c89651bebdc96105074e5bf780a535b3b4a16397137dba09a69ee60cec286ef4bb0f0fbff7191fd70cf034ca1ec

    Download Submit

  • /data/user/0/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    99f0fcbce93eb738356c3d7c841435cf

    SHA1

    0371700d16df2dd0e16e2e1ecccf123fa0f37af5

    SHA256

    e401dc141e4bdb3ea32a5c0253072a140134d86312d5de7597b1b370eceeb510

    SHA512

    d25ae2a8ce5710356beae49dfdf622e14170a723c04d095cfa9f6e76fb6dfdc56903e3bc0a7adfc9e8c1b660f6a22d4fbf39c5e2453e361782d044a62360a8dd

    Download Submit

  • /data/user/0/com.tencent.mm/files/Tree.txt
    Filesize

    566B

    MD5

    472c3da6ebb0a9a3c5c9102865d18293

    SHA1

    09e39d67228a97898d152e997255d18d7e3319f5

    SHA256

    dbcabf5331158f9fb43fef98bde7a70dc2fd185a06bf41b2c1aa4184cca2bf29

    SHA512

    54624e780c81ede43d3818222ebc3d3d042798aeb8e56d917abec1b643a28cb21123234a36de033fe110cbe516eb13034664d93873c35de1d83510a71d653f2a

    Download Submit

  • /data/user/0/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    854B

    MD5

    f1804c30c1452fe93194043928a18b51

    SHA1

    726cd54abe46e559c40585b2edf937eee4140f24

    SHA256

    b4d94fb16cb692ccbe1f836d32c7db694f0d256c0e00887a6f2bd9aca16be09b

    SHA512

    85043517ec2a97d546891ac0b2c432e2fc6fc8669bbf331ed2d457bb0e8ebf37c990c69427efca8809bf6ee2729fd5179919abf1239506d2e1495bd5f931952a

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    854B

    MD5

    e5ab676339a394de06429c48ce6999c2

    SHA1

    c3b6519a67289be5837afe85e26c08856195d5ab

    SHA256

    9de4162741ba4ed94c02e07eeb4cd2ad76e728d026f5676d9c4f5ce1c7ee301f

    SHA512

    bdb68e7621c32678e3714e7986a19c74f5d0d803affffacf0e47d5527219b8ae575c4ce05c5cb02d95b5058e194bc647e566e444d7b20b560710edcdf8fb34a3

    Download Submit

  • /data/user/0/com.tencent.mm/files/pkinfo.txt
    Filesize

    10KB

    MD5

    9a00f751ec9161eea6173758a39cbb8e

    SHA1

    c74ae019f5e5d460308b0c1716aee0587e05f397

    SHA256

    f64d9bce250494b8d11b57bc5c2baca08694b39befee3e31a74e0191172108b4

    SHA512

    c53ac74ee66d30ef43bf8fb4d729aa98a1cd1878a3ad3789456e2d7b590cbfda8745a95d9866bf68c53e3c8323b2430da81ceccd271011add21ef7370a6b50d1

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-06.txt
    Filesize

    12B

    MD5

    e48057c3603c907cacbe1568a7dbfc41

    SHA1

    6e100086b53e20e499a9be069aa1b452faf82ba3

    SHA256

    4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

    SHA512

    787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-06.txt
    Filesize

    267B

    MD5

    d2126d9fc9e1ee250e0272ee7d6775b4

    SHA1

    be81c76cb8c8cb20879582a38be90827feedcbee

    SHA256

    dc91ac84aa21024b24a9133c035f36c9d39497738cfdf067155c45b293dc8942

    SHA512

    3afa1210834d864df0fe48de8734f806c13b61c31824318377313c9bd69c84321fc0671c1ca29cf3b5971423c6457a50f9e80f4e008bcdd76c4ff73535aa5e70

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2025-03-06.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit