Resubmissions

25-11-2022 14:38

221125-rz2jhaec29 10

22-09-2022 17:03

220922-vk1v7scaa5 10

31-08-2022 15:17

220831-sn1y9sgacq 8

General

  • Target

    documento_2a3d3dd.pdf.apk

  • Size

    4.0MB

  • Sample

    221125-rz2jhaec29

  • MD5

    8f78df9b128eb2b0fb576269bba6a9fb

  • SHA1

    2128c991887a80152ca36689be503eaa6afc1b1f

  • SHA256

    33adbff1a79da4a3fde49cececac5a6b99bf217be0c6db6cdf85a46bf2087e57

  • SHA512

    4bce2fb6b264159c0b0dad184f834ecbb8eb5f908665e9eb2d783604374fb3fe03e9cdf5a4e167e308767d6c63d7f0302e9658ccb967f22affbd4bf2cf1a49cb

  • SSDEEP

    98304:rIQAS1Qd2ofrWB/urhQuzI6TZS+DixH8bU4bFLzbcHez0:8QAejky4To+mgU4bFLg

Malware Config

Extracted

Family

zanubis

C2

92.38.132.217

Extracted

Family

zanubis

C2

7

Targets

    • Target

      documento_2a3d3dd.pdf.apk

    • Size

      4.0MB

    • MD5

      8f78df9b128eb2b0fb576269bba6a9fb

    • SHA1

      2128c991887a80152ca36689be503eaa6afc1b1f

    • SHA256

      33adbff1a79da4a3fde49cececac5a6b99bf217be0c6db6cdf85a46bf2087e57

    • SHA512

      4bce2fb6b264159c0b0dad184f834ecbb8eb5f908665e9eb2d783604374fb3fe03e9cdf5a4e167e308767d6c63d7f0302e9658ccb967f22affbd4bf2cf1a49cb

    • SSDEEP

      98304:rIQAS1Qd2ofrWB/urhQuzI6TZS+DixH8bU4bFLzbcHez0:8QAejky4To+mgU4bFLg

    • Zanubis

      Zanubis is an Android banking malware first seen in 2022.

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

MITRE ATT&CK Matrix

Tasks