General
-
Target
Anubis 2.5 ( Android Banking Botnet ) Panel + APK file.exe
-
Size
268KB
-
Sample
240414-vfz34sab84
-
MD5
58d328c859ed26102d84959e95de9bca
-
SHA1
d40750fd353b093a0418b167eccd4c2124c64594
-
SHA256
71e944842708dde91a617790c517a3295db2ea867f894c4f465bfee2977fbe38
-
SHA512
8818c5f35e86d902e59d16a8bc945038e6eec4fabb442fd5c015d617c7150e56c71717a199fa82f4c08d8e9d9181fdf23f0ddba83d734e6f2c5e40a00a17565e
-
SSDEEP
6144:rcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37PpdHQd:rcW7KEZlPzCy37Rde
Malware Config
Extracted
darkcomet
ip
kvejo991.ddns.net:1604
DC_MUTEX-B1GXAHA
-
InstallPath
winlogon.exe
-
gencode
w3TGdlYWXTQL
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
windows
Targets
-
-
Target
Anubis 2.5 ( Android Banking Botnet ) Panel + APK file.exe
-
Size
268KB
-
MD5
58d328c859ed26102d84959e95de9bca
-
SHA1
d40750fd353b093a0418b167eccd4c2124c64594
-
SHA256
71e944842708dde91a617790c517a3295db2ea867f894c4f465bfee2977fbe38
-
SHA512
8818c5f35e86d902e59d16a8bc945038e6eec4fabb442fd5c015d617c7150e56c71717a199fa82f4c08d8e9d9181fdf23f0ddba83d734e6f2c5e40a00a17565e
-
SSDEEP
6144:rcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37PpdHQd:rcW7KEZlPzCy37Rde
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1