zanubis | 0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1 | Triage

Submit
Reports

Overview

overview

Static

static

0198b8fa11...a1.apk

android-9-x86

0198b8fa11...a1.apk

android-10-x64

0198b8fa11...a1.apk

android-11-x64

Resubmissions

19/10/2022, 07:24 UTC

221019-h8nvbsfehl 10

13/09/2022, 08:50 UTC

220913-krtqcsfbc9 8

02/09/2022, 10:02 UTC

220902-l2sfqacadq 8

Sharing

General

Target

0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1.zip
Size

4.0MB
Sample

221019-h8nvbsfehl
MD5

0b3248698651c68aa79c128c26df6f5c
SHA1

93be818f6087423909594f5630b67cf0ddcf71b6
SHA256

0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1
SHA512

c9815d347d65cb2184a50b9e0bc6086dd77023666189b69baabfe3e21e7cebaae513c7530c96af877bd0ef03f1f946a23f947bcaafc4be7d89d967bb9d3dbfa4
SSDEEP

98304:rAf1Qd2ofrWriq/urhQuzI6TZS+DixH8bU4bFLzbcHeze8:rANZLky4To+mgU4bFLq8

Score

10^/10

zanubis android banker evasion infostealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1.apk

Resource

android-x86-arm-20220823-en

zanubis banker evasion infostealer trojan

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1.apk

Resource

android-x64-20220823-en

zanubis banker infostealer trojan

android-10-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1.apk

Resource

android-x64-arm64-20220823-en

zanubis banker evasion infostealer trojan

android-11-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

zanubis

C2

92.38.132.217

Extracted

Family

zanubis

C2

7

Targets

- Target
  
  0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1.zip
- Size
  
  4.0MB
- MD5
  
  0b3248698651c68aa79c128c26df6f5c
- SHA1
  
  93be818f6087423909594f5630b67cf0ddcf71b6
- SHA256
  
  0198b8fa11bf9e8442defa00befa2ab224ada5ebb4a60256f2bf5fc491cca0a1
- SHA512
  
  c9815d347d65cb2184a50b9e0bc6086dd77023666189b69baabfe3e21e7cebaae513c7530c96af877bd0ef03f1f946a23f947bcaafc4be7d89d967bb9d3dbfa4
- SSDEEP
  
  98304:rAf1Qd2ofrWriq/urhQuzI6TZS+DixH8bU4bFLzbcHeze8:rANZLky4To+mgU4bFLq8
Score

10^/10

zanubis banker evasion infostealer trojan
- Zanubis
  Zanubis is an Android banking malware first seen in 2022.
  infostealer trojan banker zanubis
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zanubisbankerevasioninfostealertrojan

behavioral2

zanubisbankerinfostealertrojan

behavioral3

zanubisbankerevasioninfostealertrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.