anubis | 5ad5e92ba2421c0b111a25383d859604bd9abb8468907b185bdbfd4b0661a173

Analysis

max time kernel
3868517s
max time network
167s
platform
android_x64
resource
android-x64-20220310-en
submitted
21-05-2022 11:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ad5e92ba2421c0b111a25383d859604bd9abb8468907b185bdbfd4b0661a173.apk
Size

3.2MB
MD5

6f63145b71dccc2711e6baf40899f274
SHA1

a1b8f8b2fda17fce23dcdd1c6222b91dc772417c
SHA256

5ad5e92ba2421c0b111a25383d859604bd9abb8468907b185bdbfd4b0661a173
SHA512

1789ea12b9263278fbc648d229a59a04112e727f9c25a240b320476af06d9a29814bee8a1b265d7a6a998ce4dc77a45bde1238979d0c092485f12d94b8207f4a

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

xngcajqbsnckkydsqdtgu.idddnuc.hoktniwwhdhzjhskow

ioc	pid	process
/data/user/0/xngcajqbsnckkydsqdtgu.idddnuc.hoktniwwhdhzjhskow/app_DynamicOptDex/ZEDlscG.json	6296	xngcajqbsnckkydsqdtgu.idddnuc.hoktniwwhdhzjhskow
/data/user/0/xngcajqbsnckkydsqdtgu.idddnuc.hoktniwwhdhzjhskow/app_DynamicOptDex/ZEDlscG.json	6296	xngcajqbsnckkydsqdtgu.idddnuc.hoktniwwhdhzjhskow

Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

xngcajqbsnckkydsqdtgu.idddnuc.hoktniwwhdhzjhskow

description ioc process

Framework API call android.hardware.SensorManager.registerListener xngcajqbsnckkydsqdtgu.idddnuc.hoktniwwhdhzjhskow

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	xngcajqbsnckkydsqdtgu.idddnuc.hoktniwwhdhzjhskow

xngcajqbsnckkydsqdtgu.idddnuc.hoktniwwhdhzjhskow
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:6296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/xngcajqbsnckkydsqdtgu.idddnuc.hoktniwwhdhzjhskow/app_DynamicOptDex/ZEDlscG.json
Filesize
2.0MB

MD5
c3385449336997419d752f9802c86a1c

SHA1
6bcbdce954e7c9343178f3f980ec4d7dda17786b

SHA256
1ccc4d4d0ea457319c2efc78401b84161a6a800b241f0dfb055531c9b2714b2c

SHA512
758395f147ca7e6be0bffd770994d739ba19291d7aa9eb5f404666a86cdec60c98bbcc1dc072c4c7531cd4e9245388eea1e8102489b770cf074c804fed9042f8

Download Submit
/data/user/0/xngcajqbsnckkydsqdtgu.idddnuc.hoktniwwhdhzjhskow/app_DynamicOptDex/ZEDlscG.json
Filesize
2.0MB

MD5
02f9a2d07f0d087f9d0876ff1d3dd267

SHA1
b86e3b8c5c24ad0c6e6d76a81e9689d876363555

SHA256
38beed3eeb7fd0eb9b7df2ea80c11ba1f3f816162e380cd4701c4be03c6be2c6

SHA512
2a99c0470c165454f496f12b18109f58fcea6e46dabb079c64ddf6e3539679cdc9dbe464d199b24461ba924298c73c23e7924c3f7e030f484bcc6ff7fbc50928

Download Submit
/data/user/0/xngcajqbsnckkydsqdtgu.idddnuc.hoktniwwhdhzjhskow/app_DynamicOptDex/ZEDlscG.json
Filesize
2.0MB

MD5
02f9a2d07f0d087f9d0876ff1d3dd267

SHA1
b86e3b8c5c24ad0c6e6d76a81e9689d876363555

SHA256
38beed3eeb7fd0eb9b7df2ea80c11ba1f3f816162e380cd4701c4be03c6be2c6

SHA512
2a99c0470c165454f496f12b18109f58fcea6e46dabb079c64ddf6e3539679cdc9dbe464d199b24461ba924298c73c23e7924c3f7e030f484bcc6ff7fbc50928

Download Submit
/data/user/0/xngcajqbsnckkydsqdtgu.idddnuc.hoktniwwhdhzjhskow/app_DynamicOptDex/oat/ZEDlscG.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit