anubis | fcbd91047f1166e7cb77840fcab9a938b5e347373fa1e079939b75c10c5a6437 | Triage

Submit
Reports

Overview

overview

Static

static

fcbd91047f...37.apk

android-9-x86

fcbd91047f...37.apk

android-10-x64

fcbd91047f...37.apk

android-11-x64

Sharing

General

Target

fcbd91047f1166e7cb77840fcab9a938b5e347373fa1e079939b75c10c5a6437.apk
Size

469KB
Sample

230627-rb18tsec66
MD5

7a239827a787779ff2b5caa36e2db2de
SHA1

b7827b7929a7bdef9e9297a00676e5fd795246c6
SHA256

fcbd91047f1166e7cb77840fcab9a938b5e347373fa1e079939b75c10c5a6437
SHA512

1c8af1c4c5b3c7f9f3e0f0fc88708f9fb20339c4c6ae9d559f00e4f6add604ff75312bd7f8e778bb6dc2add2dd7e481c8ece3dfa8e4f67593a0a6b882525a386
SSDEEP

12288:k8IMCtII8jT3BZZImBZZIaBZZIVBZZIMBZZIq:F1MWjZIEZIYZIZZImZIq

Score

10^/10

anubis android banker evasion infostealer ransomware trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fcbd91047f1166e7cb77840fcab9a938b5e347373fa1e079939b75c10c5a6437.apk

Resource

android-x86-arm-20230621-en

anubis banker evasion infostealer ransomware trojan

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

fcbd91047f1166e7cb77840fcab9a938b5e347373fa1e079939b75c10c5a6437.apk

Resource

android-x64-20230621-en

anubis banker infostealer ransomware trojan

android-10-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

fcbd91047f1166e7cb77840fcab9a938b5e347373fa1e079939b75c10c5a6437.apk

Resource

android-x64-arm64-20230621-en

anubis banker evasion infostealer ransomware trojan

android-11-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

anubis

C2

https://9b0b9b017fac.ngrok.app/

Targets

- Target
  
  fcbd91047f1166e7cb77840fcab9a938b5e347373fa1e079939b75c10c5a6437.apk
- Size
  
  469KB
- MD5
  
  7a239827a787779ff2b5caa36e2db2de
- SHA1
  
  b7827b7929a7bdef9e9297a00676e5fd795246c6
- SHA256
  
  fcbd91047f1166e7cb77840fcab9a938b5e347373fa1e079939b75c10c5a6437
- SHA512
  
  1c8af1c4c5b3c7f9f3e0f0fc88708f9fb20339c4c6ae9d559f00e4f6add604ff75312bd7f8e778bb6dc2add2dd7e481c8ece3dfa8e4f67593a0a6b882525a386
- SSDEEP
  
  12288:k8IMCtII8jT3BZZImBZZIaBZZIVBZZIMBZZIq:F1MWjZIEZIYZIZZImZIq
Score

10^/10

anubis banker evasion infostealer ransomware trojan
- Anubis banker
  Android banker that uses overlays.
  banker trojan infostealer anubis
- Renames multiple (134) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (450) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (496) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Requests enabling of the accessibility settings.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

anubisbankerevasioninfostealerransomwaretrojan

behavioral2

anubisbankerinfostealerransomwaretrojan

behavioral3

anubisbankerevasioninfostealerransomwaretrojan

© 2018-2025

Terms | Privacy