General
-
Target
fcbd91047f1166e7cb77840fcab9a938b5e347373fa1e079939b75c10c5a6437.apk
-
Size
469KB
-
Sample
230627-rb18tsec66
-
MD5
7a239827a787779ff2b5caa36e2db2de
-
SHA1
b7827b7929a7bdef9e9297a00676e5fd795246c6
-
SHA256
fcbd91047f1166e7cb77840fcab9a938b5e347373fa1e079939b75c10c5a6437
-
SHA512
1c8af1c4c5b3c7f9f3e0f0fc88708f9fb20339c4c6ae9d559f00e4f6add604ff75312bd7f8e778bb6dc2add2dd7e481c8ece3dfa8e4f67593a0a6b882525a386
-
SSDEEP
12288:k8IMCtII8jT3BZZImBZZIaBZZIVBZZIMBZZIq:F1MWjZIEZIYZIZZImZIq
Malware Config
Extracted
anubis
https://9b0b9b017fac.ngrok.app/
Targets
-
-
Target
fcbd91047f1166e7cb77840fcab9a938b5e347373fa1e079939b75c10c5a6437.apk
-
Size
469KB
-
MD5
7a239827a787779ff2b5caa36e2db2de
-
SHA1
b7827b7929a7bdef9e9297a00676e5fd795246c6
-
SHA256
fcbd91047f1166e7cb77840fcab9a938b5e347373fa1e079939b75c10c5a6437
-
SHA512
1c8af1c4c5b3c7f9f3e0f0fc88708f9fb20339c4c6ae9d559f00e4f6add604ff75312bd7f8e778bb6dc2add2dd7e481c8ece3dfa8e4f67593a0a6b882525a386
-
SSDEEP
12288:k8IMCtII8jT3BZZImBZZIaBZZIVBZZIMBZZIq:F1MWjZIEZIYZIZZImZIq
Score10/10-
Anubis banker
Android banker that uses overlays.
-
Renames multiple (134) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (450) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (496) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Makes use of the framework's Accessibility service.
-
Acquires the wake lock.
-
Requests enabling of the accessibility settings.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-