anubis | b39feeab21d00b673b9424a9580975e5aa4990ffe57199014b6dc37b8070660c | Triage

Analysis

max time kernel
681865s
max time network
50s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
03-06-2022 06:18

Sharing

Report Analysis Logs

General

Target

B39FEEAB21D00B673B9424A9580975E5AA4990FFE57199014B6DC37B8070660C.apk
Size

273KB
MD5

c7dc74dbcc22d1a658e13498459a3cf3
SHA1

9d077d4a2808f0c2f02eddedc88259203c3f9343
SHA256

b39feeab21d00b673b9424a9580975e5aa4990ffe57199014b6dc37b8070660c
SHA512

b25a25a4b5582fc3d0e89430c82eb46011f42e069904508c7a451cc0a6c4308c617ce95c819b994c98268856f739f5034ee57f05245caf35f64fc64eb5f5f1ae

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	wocwvy.czyxoxmbauu.slsa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	wocwvy.czyxoxmbauu.slsa

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	wocwvy.czyxoxmbauu.slsa

Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	wocwvy.czyxoxmbauu.slsa

wocwvy.czyxoxmbauu.slsa
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5113

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads