anubis | 9687682ceb5bcb544331eabd61ec3b65accbc691609691f826518d40d2d5304b | Triage

Analysis

max time kernel
672963s
max time network
102s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
03-06-2022 05:35

Sharing

Report Analysis Logs

General

Target

d5577c5f181d5496ae2ebd295a705a73.apk
Size

289KB
MD5

d5577c5f181d5496ae2ebd295a705a73
SHA1

cc65624c27c8183c777d395f91f8275f4800075b
SHA256

9687682ceb5bcb544331eabd61ec3b65accbc691609691f826518d40d2d5304b
SHA512

91f54d4451fdbd9b9b92cda4f6879a27ebb6997e6cc2ced9ee7c04e06bff394f33ea664aa7bf0a0a79b19f1d1bbe375deb0bbc1926433dd186ecb8d820728f97

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	wocwvy.czyxoxmbauu.slsa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	wocwvy.czyxoxmbauu.slsa

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	wocwvy.czyxoxmbauu.slsa

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	wocwvy.czyxoxmbauu.slsa

wocwvy.czyxoxmbauu.slsa
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5107

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads