zanubis | 33adbff1a79da4a3fde49cececac5a6b99bf217be0c6db6cdf85a46bf2087e57 | Triage

Resubmissions

25-11-2022 14:38

221125-rz2jhaec29 10

22-09-2022 17:03

220922-vk1v7scaa5 10

31-08-2022 15:17

220831-sn1y9sgacq 8

Sharing

General

Target

documento_2a3d3dd.pdf.apk
Size

4.0MB
Sample

220922-vk1v7scaa5
MD5

8f78df9b128eb2b0fb576269bba6a9fb
SHA1

2128c991887a80152ca36689be503eaa6afc1b1f
SHA256

33adbff1a79da4a3fde49cececac5a6b99bf217be0c6db6cdf85a46bf2087e57
SHA512

4bce2fb6b264159c0b0dad184f834ecbb8eb5f908665e9eb2d783604374fb3fe03e9cdf5a4e167e308767d6c63d7f0302e9658ccb967f22affbd4bf2cf1a49cb
SSDEEP

98304:rIQAS1Qd2ofrWB/urhQuzI6TZS+DixH8bU4bFLzbcHez0:8QAejky4To+mgU4bFLg

Score

10^/10

zanubis android banker evasion infostealer trojan

Malware Config

Extracted

Family

zanubis

C2

92.38.132.217

Extracted

Family

zanubis

C2

92.38.132.217

Targets

- Target
  
  documento_2a3d3dd.pdf.apk
- Size
  
  4.0MB
- MD5
  
  8f78df9b128eb2b0fb576269bba6a9fb
- SHA1
  
  2128c991887a80152ca36689be503eaa6afc1b1f
- SHA256
  
  33adbff1a79da4a3fde49cececac5a6b99bf217be0c6db6cdf85a46bf2087e57
- SHA512
  
  4bce2fb6b264159c0b0dad184f834ecbb8eb5f908665e9eb2d783604374fb3fe03e9cdf5a4e167e308767d6c63d7f0302e9658ccb967f22affbd4bf2cf1a49cb
- SSDEEP
  
  98304:rIQAS1Qd2ofrWB/urhQuzI6TZS+DixH8bU4bFLzbcHez0:8QAejky4To+mgU4bFLg
Score

10^/10

banker evasion zanubis infostealer trojan
- Zanubis
  Zanubis is an Android banking malware first seen in 2022.
  infostealer trojan banker zanubis
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

zanubisbankerinfostealertrojan

behavioral3

zanubisbankerevasioninfostealertrojan