Resubmissions

19-10-2022 07:24

221019-h8nvbsfehl 10

13-09-2022 08:50

220913-krtqcsfbc9 8

02-09-2022 10:02

220902-l2sfqacadq 8

General

  • Target

    0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1.zip

  • Size

    4.0MB

  • Sample

    220913-krtqcsfbc9

  • MD5

    0b3248698651c68aa79c128c26df6f5c

  • SHA1

    93be818f6087423909594f5630b67cf0ddcf71b6

  • SHA256

    0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1

  • SHA512

    c9815d347d65cb2184a50b9e0bc6086dd77023666189b69baabfe3e21e7cebaae513c7530c96af877bd0ef03f1f946a23f947bcaafc4be7d89d967bb9d3dbfa4

  • SSDEEP

    98304:rAf1Qd2ofrWriq/urhQuzI6TZS+DixH8bU4bFLzbcHeze8:rANZLky4To+mgU4bFLq8

Malware Config

Extracted

Family

zanubis

C2

92.38.132.217

Targets

    • Target

      0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1.zip

    • Size

      4.0MB

    • MD5

      0b3248698651c68aa79c128c26df6f5c

    • SHA1

      93be818f6087423909594f5630b67cf0ddcf71b6

    • SHA256

      0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1

    • SHA512

      c9815d347d65cb2184a50b9e0bc6086dd77023666189b69baabfe3e21e7cebaae513c7530c96af877bd0ef03f1f946a23f947bcaafc4be7d89d967bb9d3dbfa4

    • SSDEEP

      98304:rAf1Qd2ofrWriq/urhQuzI6TZS+DixH8bU4bFLzbcHeze8:rANZLky4To+mgU4bFLq8

    • Zanubis

      Zanubis is an Android banking malware first seen in 2022.

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

MITRE ATT&CK Matrix

Tasks