General

  • Target

    NitroGenTEST.apk

  • Size

    1.5MB

  • Sample

    230221-gzbyqsfg3t

  • MD5

    3dcb7c99fef464a0259b1a5cf2b2f326

  • SHA1

    1e24066aea035bf683e14dab7c1fd13e2dc09e1d

  • SHA256

    b5ac7c99b6b02768944cd2e7b5408e28fdb14240ed2b5842a73ba02a61756eef

  • SHA512

    838829a43ebc40487a206f75f56a85b65cdb01b3d8cef767182425a590faf79e6b79601e1530ffe34378e1223c9a06184f53d52ba53471fafd79d760a209febf

  • SSDEEP

    24576:nN7XrPybNxjPhnVQXHoGy1CQmKhAtK8lK/kF8QYnp703kkCCL4HgLn2hj:hLCfJnVCHt0Ckhq2sFxYnSk/CL/n25

Malware Config

  • Family (extracted from the sample)

    anubis

  • C2 (extracted from the sample)

    http://localhost:8080/ (a loopback address: this configuration points the sample at the analysis host itself, so it would not reach an external server as configured; the name NitroGenTEST.apk suggests a test build)

Targets

    • Target

      NitroGenTEST.apk


    • Anubis banker

      Android banking trojan that steals credentials by drawing overlay windows on top of legitimate apps.

    • Uses the framework's Accessibility service (commonly abused to read screen content and inject taps).

    • Queries the list of all installed applications (likely used to pick legitimate apps to overlay).

    • Acquires a wake lock, which keeps the device awake so the malware can keep running.

    • Requests that the user enable its accessibility service in the device settings.

    • Reads information about the phone's network operator.

    • Uses cryptographic APIs (might be used to encrypt user data).
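The behaviours listed above correspond to concrete manifest artefacts. As an added example (not part of this report or of any sandbox's tooling), the Python script below checks a file against the hashes listed in this report, maps a decoded AndroidManifest.xml onto the report's signatures, and classifies the extracted C2 host. It assumes the manifest has already been decoded to plain XML (for instance with apktool); the sample manifest inside the script is constructed for illustration and is not taken from NitroGenTEST.apk, and the function names are the example's own.

```python
"""Offline triage helper for the indicators in this report.

Added example, not code from the report or from any sandbox.
Assumes the manifest was decoded to plain XML beforehand; the manifest
below is constructed for illustration, not extracted from the sample.
"""
import hashlib
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Hashes exactly as listed in the report.
REPORTED_HASHES = {
    "md5": "3dcb7c99fef464a0259b1a5cf2b2f326",
    "sha1": "1e24066aea035bf683e14dab7c1fd13e2dc09e1d",
    "sha256": "b5ac7c99b6b02768944cd2e7b5408e28fdb14240ed2b5842a73ba02a61756eef",
    "sha512": "838829a43ebc40487a206f75f56a85b65cdb01b3d8cef767182425a590faf79e"
              "6b79601e1530ffe34378e1223c9a06184f53d52ba53471fafd79d760a209febf",
}

# uses-permission entries that back the report's behavioural signatures.
# QUERY_ALL_PACKAGES is only needed on API 30+, so its absence on an older
# target proves nothing about package enumeration.
INDICATOR_PERMISSIONS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay windows",
    "android.permission.WAKE_LOCK": "wake lock",
    "android.permission.QUERY_ALL_PACKAGES": "installed-app enumeration",
    "android.permission.READ_PHONE_STATE": "network operator / phone info",
}
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

# Constructed manifest for the demo (hypothetical package name).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <service android:name=".A11y" android:permission="%s">
      <intent-filter><action android:name="%s"/></intent-filter>
    </service>
  </application>
</manifest>""" % (BIND_A11Y, A11Y_ACTION)


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict = REPORTED_HASHES) -> dict:
    """Per-algorithm True/False: does this file match the reported sample?"""
    actual = hash_bytes(data)
    return {name: actual[name] == expected.lower()
            for name, expected in reported.items()}


def manifest_indicators(manifest_xml: str) -> dict:
    """Map a decoded manifest onto the report's signatures."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    found = {perm: label for perm, label in INDICATOR_PERMISSIONS.items()
             if perm in requested}
    # A real accessibility service is bound with BIND_ACCESSIBILITY_SERVICE
    # and advertises the AccessibilityService intent action.
    a11y = False
    for svc in root.iter("service"):
        actions = {a.get(ANDROID_NS + "name") for a in svc.iter("action")}
        if svc.get(ANDROID_NS + "permission") == BIND_A11Y and A11Y_ACTION in actions:
            a11y = True
    return {"permissions": found, "accessibility_service": a11y}


def classify_c2(url: str) -> str:
    """Return 'loopback', 'private', 'ip' or 'hostname' for the C2 host."""
    host = urlparse(url).hostname or ""
    if host == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # a DNS name; resolution is deliberately not done here
    if addr.is_loopback:
        return "loopback"
    if addr.is_private:
        return "private"
    return "ip"


if __name__ == "__main__":
    print(manifest_indicators(SAMPLE_MANIFEST))
    print("C2 host class:", classify_c2("http://localhost:8080/"))
```

Run `matches_report(open(path, "rb").read())` against a file you hold to confirm it is the sample this report describes before trusting any of the signatures above; a loopback C2 class is the cue that the extracted configuration cannot be used as a network indicator.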
