General

  • Target

    814001a82cc709413ba6d301ad65bd32052e4aa493313117e50cfcb419e3d086

  • Size

    2.5MB

  • Sample

    231220-d4ba8addh7

  • MD5

    ebb3f0c1dd02fa60eaae2a881445f903

  • SHA1

    32608b24115e7450dd94305efdfa982e0b6ea4bb

  • SHA256

    814001a82cc709413ba6d301ad65bd32052e4aa493313117e50cfcb419e3d086

  • SHA512

    f01d16e2d8a0611a31692e7a30062981cc8d62229b5d21515bf1fb4a74ec01cfd7c69f5014abbfc3fdbbe29135a3286bfaf62ca74fbc8048184285a1095a2a79

  • SSDEEP

    49152:gWBO0yQ1vpyQiyQryQaLaimVc926DGBeAFYMGPVb9syI/jWYByQqtMAXH/fhcY8B:LykpytyGyhatckS+GPVpNIlByFXXnr8B

Malware Config

Extracted

Family

anubis

C2

https://martilerrentcarskirolrte.com/

Targets

    • Target

      814001a82cc709413ba6d301ad65bd32052e4aa493313117e50cfcb419e3d086

    • Size

      2.5MB

    • MD5

      ebb3f0c1dd02fa60eaae2a881445f903

    • SHA1

      32608b24115e7450dd94305efdfa982e0b6ea4bb

    • SHA256

      814001a82cc709413ba6d301ad65bd32052e4aa493313117e50cfcb419e3d086

    • SHA512

      f01d16e2d8a0611a31692e7a30062981cc8d62229b5d21515bf1fb4a74ec01cfd7c69f5014abbfc3fdbbe29135a3286bfaf62ca74fbc8048184285a1095a2a79

    • SSDEEP

      49152:gWBO0yQ1vpyQiyQryQaLaimVc926DGBeAFYMGPVb9syI/jWYByQqtMAXH/fhcY8B:LykpytyGyhatckS+GPVpNIlByFXXnr8B

    • Anubis banker

      Android banker that uses overlays.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Removes its main activity from the application launcher

      Disables its launcher entry so the icon disappears and the user cannot easily find or uninstall the app.

    • Loads dropped Dex/Jar

      Loads a DEX or JAR file that was written to the device during analysis, i.e. code not present in the original APK.

    • Requests enabling of the accessibility settings.

    • Acquires the wake lock

      Keeps the CPU awake so the malware continues to run while the screen is off.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Listens for changes in the sensor environment (might be used to detect emulation)
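The behaviour signatures above are produced dynamically by the sandbox. As an added example (editor's code, not part of the Triage report and not derived from this sample), the script below shows how an analyst can look for the static counterparts of those behaviours in a decoded AndroidManifest.xml and in the string table of decompiled code: the accessibility-service declaration, the WAKE_LOCK and REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permissions, a launcher entry that could later be disabled, and references to DexClassLoader, setComponentEnabledSetting, the accessibility settings intent and SensorEventListener. The indicator-to-behaviour mapping is a heuristic chosen for illustration, and both the manifest and the code strings are constructed inputs.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Manifest permissions that correspond to two of the sandbox signatures above.
# The mapping is the editor's heuristic, not a malware signature.
PERMISSION_INDICATORS = {
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "requests_battery_optimization_exemption",
    "android.permission.WAKE_LOCK": "acquires_wake_lock",
}

# Framework identifiers whose presence in decompiled code (smali/dex strings)
# points at the runtime behaviours the sandbox observed. Also heuristic.
CODE_INDICATORS = {
    "Ldalvik/system/DexClassLoader;": "loads_dex_at_runtime",
    "setComponentEnabledSetting": "can_disable_launcher_component",
    "android.settings.ACCESSIBILITY_SETTINGS": "opens_accessibility_settings",
    "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "prompts_battery_optimization_exemption",
    "Landroid/hardware/SensorEventListener;": "registers_sensor_listener",
}


def _attr(elem, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def triage_manifest(xml_text):
    """Return sorted indicator names found in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    findings = set()
    declared = {_attr(p, "name") for p in root.iter("uses-permission")}
    for perm, tag in PERMISSION_INDICATORS.items():
        if perm in declared:
            findings.add(tag)
    app = root.find("application")
    if app is None:
        return sorted(findings)
    for svc in app.iter("service"):
        # A real AccessibilityService must be guarded by this signature permission.
        if _attr(svc, "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            findings.add("declares_accessibility_service")
    for comp in list(app.iter("activity")) + list(app.iter("activity-alias")):
        for filt in comp.iter("intent-filter"):
            cats = {_attr(c, "name") for c in filt.iter("category")}
            if "android.intent.category.LAUNCHER" in cats:
                findings.add("has_launcher_entry")
                # Icon hiding normally happens at runtime via PackageManager, so
                # a launcher entry shipped disabled is the only static hint.
                if _attr(comp, "enabled") == "false":
                    findings.add("launcher_entry_disabled_in_manifest")
    return sorted(findings)


def scan_code_strings(strings):
    """Return sorted indicator names for framework references seen in code strings."""
    found = set()
    for s in strings:
        for needle, tag in CODE_INDICATORS.items():
            if needle in s:
                found.add(tag)
    return sorted(found)


# Constructed sample manifest for illustration (not extracted from this sample).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="app">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".A11y" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed strings as a decompiler would list them (not from this sample).
SAMPLE_CODE_STRINGS = [
    "Ldalvik/system/DexClassLoader;",
    "Landroid/content/pm/PackageManager;->setComponentEnabledSetting",
    "android.settings.ACCESSIBILITY_SETTINGS",
    "Landroid/hardware/SensorEventListener;",
]

if __name__ == "__main__":
    print("manifest:", triage_manifest(SAMPLE_MANIFEST))
    print("code:    ", scan_code_strings(SAMPLE_CODE_STRINGS))
```

Static checks like these only show capability, not use: the launcher-icon removal and the dropped-DEX loading in this report were observed at runtime, and a dropper typically keeps the interesting code out of the manifest and the primary DEX, which is why the sandbox's dynamic signatures remain the authoritative evidence.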

MITRE ATT&CK Matrix

Tasks