anubis | 4ab2df8a1e6d63b3849b3d10dd0692a4efc26e824e0e30290608f840358bfe63 | Triage

Sharing

General

Target

4ab2df8a1e6d63b3849b3d10dd0692a4efc26e824e0e30290608f840358bfe63.bin
Size

381KB
Sample

240908-186dgs1apg
MD5

38ce3303fde588f59d3be231acc05a27
SHA1

3c332332438e5331d51cdfb5c91d9caf6ea35a99
SHA256

4ab2df8a1e6d63b3849b3d10dd0692a4efc26e824e0e30290608f840358bfe63
SHA512

842d1c822afba68038a7e5c0b36ebc1627eb057ea425b5cfd0b6cc55a9545f1df327dd97701001d85699bc4529cdf0549b26d74246a6077e340cb1c7f11fefc0
SSDEEP

6144:+5z91fUh9H1aMJghgDjP1xTFs4aVrTr4sVfMV4sVfML4sVfMS4sVfMN4sVfMD:+5zoh9S+ndBijTr4yfy4yf24yfR4yfgY

Score

10^/10

anubis android collection credential_access evasion persistence stealth trojan

Malware Config

Extracted

Family

anubis

C2

http://192.168.140.129:80/

Targets

- Target
  
  4ab2df8a1e6d63b3849b3d10dd0692a4efc26e824e0e30290608f840358bfe63.bin
- Size
  
  381KB
- MD5
  
  38ce3303fde588f59d3be231acc05a27
- SHA1
  
  3c332332438e5331d51cdfb5c91d9caf6ea35a99
- SHA256
  
  4ab2df8a1e6d63b3849b3d10dd0692a4efc26e824e0e30290608f840358bfe63
- SHA512
  
  842d1c822afba68038a7e5c0b36ebc1627eb057ea425b5cfd0b6cc55a9545f1df327dd97701001d85699bc4529cdf0549b26d74246a6077e340cb1c7f11fefc0
- SSDEEP
  
  6144:+5z91fUh9H1aMJghgDjP1xTFs4aVrTr4sVfMV4sVfML4sVfMS4sVfMN4sVfMD:+5zoh9S+ndBijTr4yfy4yf24yfR4yfgY
Score

8^/10

collection credential_access evasion persistence stealth trojan
- Removes its main activity from the application launcher
  stealth trojan evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Requests enabling of the accessibility settings.
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Hide Artifacts

Suppress Application Icon

User Evasion

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessevasionpersistencestealthtrojan

behavioral2

collectioncredential_accessevasionpersistencestealthtrojan

behavioral3

collectioncredential_accessevasionpersistencestealthtrojan