General

  • Target

    003DF8738942A88D690AEB902744CEC2DC2E671C708E96CB1085B13BDBD6823A.apk

  • Size

    2.5MB

  • Sample

    220603-hbrjysbhb4

  • MD5

    e5dec445c7a8ca93cec39f87ab86557d

  • SHA1

    6f0869d158b3e06a4d20af5d64ff6eeddcff6aaf

  • SHA256

    003df8738942a88d690aeb902744cec2dc2e671c708e96cb1085b13bdbd6823a

  • SHA512

    56c7416908ac6782459ad335ccc79d9a6912e3ddfee51a13bc91fefbd579879e47002ad0c733ffeeb35329dda264292c7bc9d0343c7d17166ad2f368d0db3f68

Malware Config

Extracted

  • Family

    anubis

  • C2

    http://matilarsevilir.com

Targets

    • Anubis banker

      Android banker that uses overlays.

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.
