anubis | eb11a515ebcb82ca822329107a0a71ac27f48ab22fb9711c7afdaf57fe845a8f | Triage

Analysis

max time kernel
686522s
max time network
42s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
03-06-2022 06:34

Sharing

Report Analysis Logs

General

Target

EB11A515EBCB82CA822329107A0A71AC27F48AB22FB9711C7AFDAF57FE845A8F.apk
Size

437KB
MD5

6536f3ab0f70292e84d18413f86ca642
SHA1

a36007a3f1fab9c06f60c112da4fd4623de17182
SHA256

eb11a515ebcb82ca822329107a0a71ac27f48ab22fb9711c7afdaf57fe845a8f
SHA512

d1f71430afcf76fc0d1359b23a83c0cb6f16ea0c961285ddb64c8f2566557d06f513510d92d4314334da01649e85d5e43587d89c55141b9d7ed6431336fccc1e

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	wocwvy.czyxoxmbauu.slsa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	wocwvy.czyxoxmbauu.slsa

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	wocwvy.czyxoxmbauu.slsa

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	wocwvy.czyxoxmbauu.slsa

wocwvy.czyxoxmbauu.slsa
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5106

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads