anubis | 78913b80d9970c43fda8f1c6e63888efd67707eab80ed3ae822d118de8c33f03 | Triage

Analysis

max time kernel
685587s
max time network
42s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
03-06-2022 06:46

Sharing

Report Analysis Logs

General

Target

78913b80d9970c43fda8f1c6e63888efd67707eab80ed3ae822d118de8c33f03.apk
Size

194KB
MD5

c148c63c974e2312d8f847d07242a86b
SHA1

377f86abc4946fe9fe3506f421bc51ef9c9d9bad
SHA256

78913b80d9970c43fda8f1c6e63888efd67707eab80ed3ae822d118de8c33f03
SHA512

b963ac22ba477b0cfda399bd19cfb801c2f8545788c6c01aefe49900f030beb14f2f9a5a382b6ff43df2d5256a710a5812d99b2c7a2a83d7cac5ddf840d60ba0

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	wocwvy.czyxoxmbauu.slsa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	wocwvy.czyxoxmbauu.slsa

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	wocwvy.czyxoxmbauu.slsa

Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	wocwvy.czyxoxmbauu.slsa

wocwvy.czyxoxmbauu.slsa
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5123

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads