anubis | b6534569c66b247263e086f3d0141b3f1e2b86c69423379fe8eb0480ce2123f2 | Triage

Resubmissions

17-02-2025 13:54

250217-q71fqszket 10

17-02-2025 13:54

250217-q7q73azjgq 6

17-02-2025 12:50

250217-p3cnfaypen 10

Sharing

General

Target

B6534569C66B247263E086F3D0141B3F1E2B86C69423379FE8EB0480CE2123F2.apk
Size

550KB
Sample

250217-q71fqszket
MD5

a6442b382d8ddba47390bbd18fd3d1bd
SHA1

8564d9093e51b7039aaa183901411163e913da2f
SHA256

b6534569c66b247263e086f3d0141b3f1e2b86c69423379fe8eb0480ce2123f2
SHA512

1ed5948b73533904f26f76ac04dffa17c930a89b4a062b79a102251d89cfef33233a413f710c4637016124c6dde787df0438e98a0e5ce3f7eb9a9aa115317ab0
SSDEEP

12288:l/u2OaK0C2n3TdlMkF2EOW8vEdoiWepD/DREjDXB:xN40znDdPRfbW5ozDgx

Score

10^/10

anubis android banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan

Malware Config

Extracted

Family

anubis

C2

http://www.flashl1ght.top

Targets

- Target
  
  B6534569C66B247263E086F3D0141B3F1E2B86C69423379FE8EB0480CE2123F2.apk
- Size
  
  550KB
- MD5
  
  a6442b382d8ddba47390bbd18fd3d1bd
- SHA1
  
  8564d9093e51b7039aaa183901411163e913da2f
- SHA256
  
  b6534569c66b247263e086f3d0141b3f1e2b86c69423379fe8eb0480ce2123f2
- SHA512
  
  1ed5948b73533904f26f76ac04dffa17c930a89b4a062b79a102251d89cfef33233a413f710c4637016124c6dde787df0438e98a0e5ce3f7eb9a9aa115317ab0
- SSDEEP
  
  12288:l/u2OaK0C2n3TdlMkF2EOW8vEdoiWepD/DREjDXB:xN40znDdPRfbW5ozDgx
Score

10^/10

anubis banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan
- Anubis banker
  Android banker that uses overlays.
  banker trojan infostealer anubis
- Anubis family
  anubis
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Queries information about active data network
  discovery
- Requests enabling of the accessibility settings.
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

anubisbankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan