anubis | db0a60670009f5b1636fabe3991bbe18787d8c625acb940d75cadd36d3784cea | Triage

Sharing

General

Target

db0a60670009f5b1636fabe3991bbe18787d8c625acb940d75cadd36d3784cea
Size

238KB
Sample

220521-nl3b4adhb5
MD5

ac1babe0c36fd1337821edd947c96dd5
SHA1

871e5498b0a0c18971076063679c4c5aa58171fd
SHA256

db0a60670009f5b1636fabe3991bbe18787d8c625acb940d75cadd36d3784cea
SHA512

a5773ed6ddf1b76cf3a0b053c88c3add91b5be7996b0ed4c39577ded65f8d55edebda9ca9e0714c6c450c0e4858cca8fbdbd74ba4d3c457180844d3485dc5405

Score

10^/10

anubis android banker infostealer trojan

Malware Config

Extracted

Family

anubis

C2

http://yardimlarpandemi2.cf/2a/

Targets

- Target
  
  db0a60670009f5b1636fabe3991bbe18787d8c625acb940d75cadd36d3784cea
- Size
  
  238KB
- MD5
  
  ac1babe0c36fd1337821edd947c96dd5
- SHA1
  
  871e5498b0a0c18971076063679c4c5aa58171fd
- SHA256
  
  db0a60670009f5b1636fabe3991bbe18787d8c625acb940d75cadd36d3784cea
- SHA512
  
  a5773ed6ddf1b76cf3a0b053c88c3add91b5be7996b0ed4c39577ded65f8d55edebda9ca9e0714c6c450c0e4858cca8fbdbd74ba4d3c457180844d3485dc5405
Score

10^/10

anubis banker infostealer trojan
- Anubis banker
  Android banker that uses overlays.
  banker trojan infostealer anubis
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

anubisbankerinfostealertrojan

behavioral2

anubisbankerinfostealertrojan

behavioral3