anubis | 04765e3f8e4c1c3befe2855eeb6e7cef1904bd6a4f675fcef711e98908c7f752 | Triage

Submit
Reports

Overview

overview

Static

static

7

04765e3f8e...52.apk

android_x86

04765e3f8e...52.apk

android_x64

04765e3f8e...52.apk

android_x64

Sharing

General

Target

04765e3f8e4c1c3befe2855eeb6e7cef1904bd6a4f675fcef711e98908c7f752
Size

580KB
Sample

220521-eael8acbbj
MD5

4790085f52069d85a4c0ece1f1ab48eb
SHA1

fa5b9226d7b9546f22412e884d74aa8bb9f8e402
SHA256

04765e3f8e4c1c3befe2855eeb6e7cef1904bd6a4f675fcef711e98908c7f752
SHA512

b512b11c107f8f5525f3ca8a15b87738e4e65c46254b5d82f98c2c296bded2395ee7c5d0776d27b1eca57b5e0ab2d11483efc68d1354eb78186117c2c5c3afca

Score

10^/10

anubis android banker evasion infostealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

04765e3f8e4c1c3befe2855eeb6e7cef1904bd6a4f675fcef711e98908c7f752.apk

Resource

android-x86-arm-20220310-en

anubis banker evasion infostealer trojan

android_x86

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

04765e3f8e4c1c3befe2855eeb6e7cef1904bd6a4f675fcef711e98908c7f752.apk

Resource

android-x64-20220310-en

anubis banker evasion infostealer trojan

android_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

04765e3f8e4c1c3befe2855eeb6e7cef1904bd6a4f675fcef711e98908c7f752.apk

Resource

android-x64-arm64-20220310-en

anubis banker evasion infostealer trojan

android_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

anubis

C2

http://www.flashl1ght.top

Targets

- Target
  
  04765e3f8e4c1c3befe2855eeb6e7cef1904bd6a4f675fcef711e98908c7f752
- Size
  
  580KB
- MD5
  
  4790085f52069d85a4c0ece1f1ab48eb
- SHA1
  
  fa5b9226d7b9546f22412e884d74aa8bb9f8e402
- SHA256
  
  04765e3f8e4c1c3befe2855eeb6e7cef1904bd6a4f675fcef711e98908c7f752
- SHA512
  
  b512b11c107f8f5525f3ca8a15b87738e4e65c46254b5d82f98c2c296bded2395ee7c5d0776d27b1eca57b5e0ab2d11483efc68d1354eb78186117c2c5c3afca
Score

10^/10

anubis banker evasion infostealer trojan
- Anubis banker
  Android banker that uses overlays.
  banker trojan infostealer anubis
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

anubisbankerevasioninfostealertrojan

behavioral2

anubisbankerevasioninfostealertrojan

behavioral3

anubisbankerevasioninfostealertrojan

© 2018-2024

Terms | Privacy