anubis | cd6ffabd092e5839d15be53aaf8d749c01beaae5cf3044aac1fab6f80c8106cd | Triage

Analysis

max time kernel
2572564s
max time network
138s
platform
android_x64
resource
android-x64-arm64-20220621-en
submitted
25-06-2022 04:49

Sharing

Report Analysis Logs

General

Target

cd6ffabd092e5839d15be53aaf8d749c01beaae5cf3044aac1fab6f80c8106cd.apk
Size

368KB
MD5

bffbb349be6aef333d3855e6f5efc46e
SHA1

38e233193d933c3494a849e419e0d6fef14c3716
SHA256

cd6ffabd092e5839d15be53aaf8d749c01beaae5cf3044aac1fab6f80c8106cd
SHA512

28101d7e0eec2d6fd2dd7030e0a72c0b00de0aa6915b7df8bff82a7a5b49cecc9ca189bd40c1b772d4d2943ef0daecfa8891f4fd028c33466bd14aba954b6004

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	anubis.bot.myapplication
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	anubis.bot.myapplication

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	anubis.bot.myapplication

Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	anubis.bot.myapplication

anubis.bot.myapplication
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:4803

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads