anubis | d1fa9401808354978fc1aa91165b88c265b549915211e2f0294e7f38db9af8dc

Analysis

max time kernel
672947s
max time network
161s
platform
android_x64
resource
android-x64-20220310-en
submitted
03-06-2022 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e491d383e9f89ba76864491598734e96.apk
Size

1.7MB
MD5

e491d383e9f89ba76864491598734e96
SHA1

7cb959f34dc4261d9cb37eb225319e72c8e91445
SHA256

d1fa9401808354978fc1aa91165b88c265b549915211e2f0294e7f38db9af8dc
SHA512

784114d1493e708a992570978d6add23fa0dc4835535b35c9fb4ef9037a7f85d38995509485cc772bc6f9edcb759f5752325687e3b34a5a26697ed88ceaf5fa2

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Extracted

Family

anubis

http://r7ssh1ng.xyz

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

drdwdqauhhpmcupllolq.nldyxmytssfdufjcdampgkg.njlwxhyhpncfwfnucofygaeaosa

ioc	pid	process
/data/user/0/drdwdqauhhpmcupllolq.nldyxmytssfdufjcdampgkg.njlwxhyhpncfwfnucofygaeaosa/app_DynamicOptDex/PYpgl.json	6222	drdwdqauhhpmcupllolq.nldyxmytssfdufjcdampgkg.njlwxhyhpncfwfnucofygaeaosa
/data/user/0/drdwdqauhhpmcupllolq.nldyxmytssfdufjcdampgkg.njlwxhyhpncfwfnucofygaeaosa/app_DynamicOptDex/PYpgl.json	6222	drdwdqauhhpmcupllolq.nldyxmytssfdufjcdampgkg.njlwxhyhpncfwfnucofygaeaosa

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs

evasion

Processes:

drdwdqauhhpmcupllolq.nldyxmytssfdufjcdampgkg.njlwxhyhpncfwfnucofygaeaosa

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	drdwdqauhhpmcupllolq.nldyxmytssfdufjcdampgkg.njlwxhyhpncfwfnucofygaeaosa

drdwdqauhhpmcupllolq.nldyxmytssfdufjcdampgkg.njlwxhyhpncfwfnucofygaeaosa
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:6222

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/drdwdqauhhpmcupllolq.nldyxmytssfdufjcdampgkg.njlwxhyhpncfwfnucofygaeaosa/app_DynamicOptDex/PYpgl.json
Filesize
985KB

MD5
46fadd77f9a67dbf5c4c722b444a5123

SHA1
5f6ee674773c77d1ebe6a06c099a1ae56850f8d3

SHA256
0524edb314ec4369bd027c90f7c1e8c878132fb2f9f9cf95e7dcaae7758ac4ba

SHA512
0bd75a2a617ec7e7c0ad8737c03ab3036164559ffde2d3631b53d4d202d01efeec2c1aaa7e6b9b56e152f18ca4e448e5da31961a8cde2d3d51680d140fd1e97c

Download Submit
/data/user/0/drdwdqauhhpmcupllolq.nldyxmytssfdufjcdampgkg.njlwxhyhpncfwfnucofygaeaosa/app_DynamicOptDex/PYpgl.json
Filesize
985KB

MD5
8d1d685af936b898622a88cd468980fa

SHA1
7d0a7bd7c16f33a81dcd4b5d8bfa45bfb879e687

SHA256
7978c6cef7b934373f218da8a6510c631aa9abb6ff5e3527e9e3051dc3b63bb5

SHA512
94a4d7aabcced27299f4d8b46a6b7f17d27140bfd82e2fb06ca10f86942aab822452b1fe980f29ae78e182faecfba3327c054bcac45984790819ad5363ac6e42

Download Submit
/data/user/0/drdwdqauhhpmcupllolq.nldyxmytssfdufjcdampgkg.njlwxhyhpncfwfnucofygaeaosa/app_DynamicOptDex/PYpgl.json
Filesize
985KB

MD5
8d1d685af936b898622a88cd468980fa

SHA1
7d0a7bd7c16f33a81dcd4b5d8bfa45bfb879e687

SHA256
7978c6cef7b934373f218da8a6510c631aa9abb6ff5e3527e9e3051dc3b63bb5

SHA512
94a4d7aabcced27299f4d8b46a6b7f17d27140bfd82e2fb06ca10f86942aab822452b1fe980f29ae78e182faecfba3327c054bcac45984790819ad5363ac6e42

Download Submit
/data/user/0/drdwdqauhhpmcupllolq.nldyxmytssfdufjcdampgkg.njlwxhyhpncfwfnucofygaeaosa/app_DynamicOptDex/oat/PYpgl.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit