anubis | 5bb0e4469e0d98df5c0ab4c60360c88246a41f6c30e677954a5a2fe5eb2818b7 | Triage

Analysis

max time kernel
3749831s
max time network
111s
platform
android_x64
resource
android-x64-arm64-20220621-en
submitted
08-07-2022 16:57

Sharing

Report Analysis Logs

General

Target

5bb0e4469e0d98df5c0ab4c60360c88246a41f6c30e677954a5a2fe5eb2818b7.apk
Size

207KB
MD5

01bc9a13dd0b091b2ddce9ee2e682c0c
SHA1

5ecc5dd65118441b067bf2a9b5451d7a90ae124a
SHA256

5bb0e4469e0d98df5c0ab4c60360c88246a41f6c30e677954a5a2fe5eb2818b7
SHA512

fd1487ec14c5ee6e8e8d0c0464e95e00d07f6725985b6d5b965960a3fa88193cf989b774794388645d5a56037ba8f13160de6023017c23b22281cd1d67e4fca0

Score

10^/10

anubis banker evasion infostealer trojan

Malware Config

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	wocwvy.czyxoxmbauu.slsa
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	wocwvy.czyxoxmbauu.slsa

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	wocwvy.czyxoxmbauu.slsa

Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	wocwvy.czyxoxmbauu.slsa

wocwvy.czyxoxmbauu.slsa
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5070

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads