anubis | 4a4bd95b4c591267f51294e9d3b42c433388a7e79980b355c6d94769d6d3a9f5 | Triage

Analysis

max time kernel
682546s
max time network
55s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
03-06-2022 06:37

Sharing

Report Analysis Logs

General

Target

c448ae9ad80f088e9296f08a114605e2.apk
Size

370KB
MD5

c448ae9ad80f088e9296f08a114605e2
SHA1

85cac92603f9c05034b7bc92c2887d84040c1b54
SHA256

4a4bd95b4c591267f51294e9d3b42c433388a7e79980b355c6d94769d6d3a9f5
SHA512

5f6852dc49f32116bb5ffe6efd8d8ee89aa61a7dfa5e3811412c4e35a4a3ec77469d975f09cb4a4b0d6b0a1254ee587df630ccb7cca5bdfa7d5e61e4b21d9aee

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

anubis.bot.myapplication

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	anubis.bot.myapplication
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	anubis.bot.myapplication

Acquires the wake lock. 1 IoCs

Processes:

anubis.bot.myapplication

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock anubis.bot.myapplication
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

anubis.bot.myapplication

description ioc process

Framework API call android.hardware.SensorManager.registerListener anubis.bot.myapplication

anubis.bot.myapplication
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...