anubis | 57ff0a7cdef46777f99da5e3a9f63fc1c9ed231a7ea85e9d4db9bdcc3566388e | Triage

Analysis

max time kernel
2563116s
max time network
150s
platform
android_x64
resource
android-x64-arm64-20220621-en
submitted
25-06-2022 02:40

Sharing

Report Analysis Logs

General

Target

57ff0a7cdef46777f99da5e3a9f63fc1c9ed231a7ea85e9d4db9bdcc3566388e.apk
Size

648KB
MD5

16cc26bef54726d03ea8430b292fbeac
SHA1

d9047d4cfdaa9c7af51c3ec1538340bfacd39b84
SHA256

57ff0a7cdef46777f99da5e3a9f63fc1c9ed231a7ea85e9d4db9bdcc3566388e
SHA512

614744ab5e4a451166b51cdd5e6f1579ca923a396ebbc4592f4a24e476077df757aec6ff8feaabfb869572a6e17eab11a2c020c9f5573a5338f597e198ac7ebe

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	anubis.bot.myapplication
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	anubis.bot.myapplication

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	anubis.bot.myapplication

Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	anubis.bot.myapplication

anubis.bot.myapplication
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:4861

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads