anubis | 57c9563a1e3adc9737eae84b6fb3f45aa98621ab4d1bced43eeef5e35fee9aad | Triage

Analysis

max time kernel
673111s
max time network
55s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
03-06-2022 05:37

Sharing

Report Analysis Logs

General

Target

57C9563A1E3ADC9737EAE84B6FB3F45AA98621AB4D1BCED43EEEF5E35FEE9AAD.apk
Size

285KB
MD5

9a203d62480bceb0116dc1b32b2e20d2
SHA1

ef237eccaceaf6dbc05af9c24c80d43d4bc89e15
SHA256

57c9563a1e3adc9737eae84b6fb3f45aa98621ab4d1bced43eeef5e35fee9aad
SHA512

bf3f35f03ad2188d71841df743c672770aebd67ef9362fcf1cb9378c6bdfa9d649afce14337af6d7d5eeec341014ccf67ce97faffb2340d565ddb0d09af3d153

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	wocwvy.czyxoxmbauu.slsa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	wocwvy.czyxoxmbauu.slsa

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	wocwvy.czyxoxmbauu.slsa

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	wocwvy.czyxoxmbauu.slsa

wocwvy.czyxoxmbauu.slsa
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5134

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads