anubis | bf7b1fa4f533d44e84bfa1a7a4a45bef330cb5b5f1ba2f03e7188be8f74c0c8a | Triage

Analysis

max time kernel
672478s
max time network
169s
platform
android_x64
resource
android-x64-arm64-20220310-en
submitted
03-06-2022 05:31

Sharing

Report Analysis Logs

General

Target

BF7B1FA4F533D44E84BFA1A7A4A45BEF330CB5B5F1BA2F03E7188BE8F74C0C8A.apk
Size

273KB
MD5

b2c140374dbcca0894bd729ebb1d5ed9
SHA1

a6215fadfacb33aa44d3135c257ec8b7e46afef5
SHA256

bf7b1fa4f533d44e84bfa1a7a4a45bef330cb5b5f1ba2f03e7188be8f74c0c8a
SHA512

c92b3cdcff7f70fa093a9e4ac9571646c79accf194f285a196ae6f93e1d7e9a55fb8e943819fa49150988c7979e9bbfafe6e52ce9c81feb0fbb6b06e0cbcfa6c

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	wocwvy.czyxoxmbauu.slsa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	wocwvy.czyxoxmbauu.slsa

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	wocwvy.czyxoxmbauu.slsa

Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	wocwvy.czyxoxmbauu.slsa

wocwvy.czyxoxmbauu.slsa
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5583

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads