anubis | 9687682ceb5bcb544331eabd61ec3b65accbc691609691f826518d40d2d5304b | Triage

Submit
Reports

Overview

overview

Static

static

9687682ceb...4b.apk

9687682ceb...4b.apk

android-10-x64

8

9687682ceb...4b.apk

android-11-x64

8

Sharing

General

Target

9687682ceb5bcb544331eabd61ec3b65accbc691609691f826518d40d2d5304b
Size

289KB
Sample

231220-khjtssffd7
MD5

d5577c5f181d5496ae2ebd295a705a73
SHA1

cc65624c27c8183c777d395f91f8275f4800075b
SHA256

9687682ceb5bcb544331eabd61ec3b65accbc691609691f826518d40d2d5304b
SHA512

91f54d4451fdbd9b9b92cda4f6879a27ebb6997e6cc2ced9ee7c04e06bff394f33ea664aa7bf0a0a79b19f1d1bbe375deb0bbc1926433dd186ecb8d820728f97
SSDEEP

6144:t00Ed5Dbd5D0d5D0d5D0d5Du62ZKa6j5XeFVSAmgYSc6t:tmdRbdR0dR0dR0dRwg5XCY+

Score

10^/10

anubis android evasion stealth trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

9687682ceb5bcb544331eabd61ec3b65accbc691609691f826518d40d2d5304b.apk

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

9687682ceb5bcb544331eabd61ec3b65accbc691609691f826518d40d2d5304b.apk

Resource

android-x64-20231215-en

evasion stealth trojan

android-10-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

9687682ceb5bcb544331eabd61ec3b65accbc691609691f826518d40d2d5304b.apk

Resource

android-x64-arm64-20231215-en

evasion stealth trojan

android-11-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

anubis

C2

http://3n0rmous.xyz

Targets

- Target
  
  9687682ceb5bcb544331eabd61ec3b65accbc691609691f826518d40d2d5304b
- Size
  
  289KB
- MD5
  
  d5577c5f181d5496ae2ebd295a705a73
- SHA1
  
  cc65624c27c8183c777d395f91f8275f4800075b
- SHA256
  
  9687682ceb5bcb544331eabd61ec3b65accbc691609691f826518d40d2d5304b
- SHA512
  
  91f54d4451fdbd9b9b92cda4f6879a27ebb6997e6cc2ced9ee7c04e06bff394f33ea664aa7bf0a0a79b19f1d1bbe375deb0bbc1926433dd186ecb8d820728f97
- SSDEEP
  
  6144:t00Ed5Dbd5D0d5D0d5D0d5Du62ZKa6j5XeFVSAmgYSc6t:tmdRbdR0dR0dR0dRwg5XCY+
Score

8^/10

evasion stealth trojan
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Removes its main activity from the application launcher
  stealth trojan
- Requests enabling of the accessibility settings.
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

evasionstealthtrojan

behavioral3

evasionstealthtrojan

© 2018-2024

Terms | Privacy