anubis | d4ce3c98df7a584282df0bb8ce6f304bda0c120f67aafdc457cd468f2961424a | Triage

Analysis

max time kernel
685387s
max time network
37s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
03-06-2022 06:42

Sharing

Report Analysis Logs

General

Target

D4CE3C98DF7A584282DF0BB8CE6F304BDA0C120F67AAFDC457CD468F2961424A.apk
Size

437KB
MD5

71694f4bf8367d6ddd7d0357d08edf8e
SHA1

5b694ce70b648ba191862544f79c20532dab290d
SHA256

d4ce3c98df7a584282df0bb8ce6f304bda0c120f67aafdc457cd468f2961424a
SHA512

61d3dafa2ecae5cb9fddef7b3747e93cb6804dc4450cefcb7798c150898beefd3dcdb8b955cb4f18c12f245035edcdf41f461527debc860fa8adde8d33bc8eff

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

wocwvy.czyxoxmbauu.slsa

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	wocwvy.czyxoxmbauu.slsa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	wocwvy.czyxoxmbauu.slsa

Acquires the wake lock. 1 IoCs

Processes:

wocwvy.czyxoxmbauu.slsa

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock wocwvy.czyxoxmbauu.slsa
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

wocwvy.czyxoxmbauu.slsa

description ioc process

Framework API call android.hardware.SensorManager.registerListener wocwvy.czyxoxmbauu.slsa

wocwvy.czyxoxmbauu.slsa
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:4936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...