anubis | f3c56882c01b2b967887fc1ece06d0382b005bc50d3c006357cc6b566eca1992 | Triage

Analysis

max time kernel
680797s
max time network
172s
platform
android_x64
resource
android-x64-arm64-20220310-en
submitted
03-06-2022 07:52

Sharing

Report Analysis Logs

General

Target

F3C56882C01B2B967887FC1ECE06D0382B005BC50D3C006357CC6B566ECA1992.apk
Size

273KB
MD5

9dfc1fe77cce5df81bd1847135edbbf8
SHA1

c4ba5d537a1744ad198ec1243c191611b5a6058c
SHA256

f3c56882c01b2b967887fc1ece06d0382b005bc50d3c006357cc6b566eca1992
SHA512

886151b52315b4fa0267ba5a7a7e264c335dd456cdaf56abd585c5db3c1974067af394502d799187485043d0ad68803e6f492fc9c7ce47d84f69a47de396a6bd

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	wocwvy.czyxoxmbauu.slsa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	wocwvy.czyxoxmbauu.slsa

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	wocwvy.czyxoxmbauu.slsa

Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	wocwvy.czyxoxmbauu.slsa

wocwvy.czyxoxmbauu.slsa
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:6897

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads