anubis | 3e791a4dc4f948d9d1eb69f8db76b77850bfd2d9d3e1bc4357115aea993ab027

General

Target

_9.3(2).apk
Size

5.0MB
Sample

250219-qhcy5s1nhy
MD5

83c59d47777e461a96524bf061bea1c1
SHA1

7469fa705326be8a4f301ae2d01bf66ea8182111
SHA256

3e791a4dc4f948d9d1eb69f8db76b77850bfd2d9d3e1bc4357115aea993ab027
SHA512

e28f6b50d8f41f0f5228892bd112d1ded7948731f99551e72bd73649c55c5bfa773dc0d5d21f06dc7457ba3b7ed4a504f1a837171ab35281a18832d689c14bff
SSDEEP

98304:Fb7BNg8ODj/V6y6gUCgyl7IfR7Ueo44MgKEr:5BN6j/QCUpyl6R/x1Er

Score

10^/10

Malware Config

Extracted

Family

anubis

C2

https://google.com

Targets

- Target
  
  _9.3(2).apk
- Size
  
  5.0MB
- MD5
  
  83c59d47777e461a96524bf061bea1c1
- SHA1
  
  7469fa705326be8a4f301ae2d01bf66ea8182111
- SHA256
  
  3e791a4dc4f948d9d1eb69f8db76b77850bfd2d9d3e1bc4357115aea993ab027
- SHA512
  
  e28f6b50d8f41f0f5228892bd112d1ded7948731f99551e72bd73649c55c5bfa773dc0d5d21f06dc7457ba3b7ed4a504f1a837171ab35281a18832d689c14bff
- SSDEEP
  
  98304:Fb7BNg8ODj/V6y6gUCgyl7IfR7Ueo44MgKEr:5BN6j/QCUpyl6R/x1Er
Score

10^/10

anubis banker collection credential_access defense_evasion discovery evasion execution infostealer persistence stealth trojan
- Anubis banker
  Android banker that uses overlays.
  banker trojan infostealer anubis
- Anubis family
  anubis
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Reads the contacts stored on the device.
  collection
- Reads the content of the calendar entry data.
  collection
- Reads the content of the call log.
  collection
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery defense_evasion
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Reads information about phone network operator.
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
- Listens for changes in the sensor environment (might be used to detect emulation)
  defense_evasion
behavioral1