| Attribute | Value |
| --- | --- |
| Name | Anubis |
| Type | Android Banking Trojan |
| Target System | Android |
| Affected Industry | BFSI |
| Affected Regions | Turkey, Italy, US, India, France, Germany, Australia, and Poland |
| Tactic | Technique ID | Technique |
| --- | --- | --- |
| Initial Access | T1475 | Deliver Malicious App via Authorized App Store |
| Initial Access | T1456 | Drive-by Compromise |
| Initial Access | T1444 | Masquerade as Legitimate Application |
| Execution | T1402 | Broadcast Receivers |
| Persistence | T1401 | Abuse Device Administrator Access to Prevent Removal |
| Defense Evasion | T1418 | Application Discovery |
| Defense Evasion | T1447 | Delete Device Data |
| Defense Evasion | T1407 | Download New Code at Runtime |
| Defense Evasion | T1444 | Masquerade as Legitimate Application |
| Defense Evasion | T1508 | Suppress Application Icon |
| Credential Access | T1412 | Capture SMS Messages |
| Discovery | T1418 | Application Discovery |
| Discovery | T1420 | File and Directory Discovery |
| Collection | T1412 | Capture SMS Messages |
| Command and Control | T1521 | Standard Cryptographic Protocol |
| Command and Control | T1481 | Web Service |
| Exfiltration | T1532 | Data Encrypted |
| Impact | T1471 | Data Encrypted for Impact |
| Impact | T1447 | Delete Device Data |
| Impact | T1582 | SMS Control |
| Bot commands | | |
| --- | --- | --- |
| opendir | stopsocks5 | downloadfile |
| deletefilefolder | recordsound | startscreenVNC |
| stopscreenVNC | startapplication | startsound |
| startforegroundsound | getkeylogger | stopsound |
| startinj | startforward | Send_GO_SMS |
| nymBePsG0 | openbrowser | GetSWSGO |
| telbookgotext | cryptokey | getapps |
| getpermissions | spam | startaccessibility |
| startpermission | replaceurl | ALERT |
| PUSH | killBot | startAutoPush |
| RequestPermissionInj | startrat | RequestPermissionGPS |
| ussd | stopforward | sockshost |
| openactivity | getIP | decryptokey |
| Indicator type | Indicator |
| --- | --- |
| File hash (SHA-1) | 6fdc856afaf7fbbb3428672d4a2a27bc60754125 |
| File hash (SHA-1) | 6b0527b94110d0455eea962f1e72899c583ca582 |
| File hash (SHA-1) | acaabf5c05a3774a552d2eb6a83ec7f547b14397 |
| File hash (SHA-1) | ff4b07eb8f81c4c0a2142cdb0ad823be4a8b2d56 |
| File hash (SHA-256) | 1ca465dd60e52e5cf3460253566507e2283eb391e8f78c0169ec5f61b15c206d |
| File hash (SHA-256) | eeff6ccf798f62c083d9ffb79d3807433c39cc153e85db8bab498d0c688af078 |
| File hash (SHA-256) | b8441177adf0d2023d1af2f88d76c0c9b10ac7c5c07a4a7111565650428e128e |
| File hash (SHA-256) | 7ddda4ee9691dfb9cbe912930047586403e50d7e20ec9e7695fbdd84697d8a3f |
| File hash (SHA-256) | d9f4cedc4ba74d5919fcde62b0990f211e7ea3539aac9c13167b1dab51d1803b |
| File hash (SHA-256) | 3e56fd55cef6b86c14b7d1a6aa316464f1e48dedf76913ad048061041b026f11 |
| Domain | e-devlet-mobil-turkiye.tk |
| Domain | autismlebanon.org |
| Domain | akbenimle.com |
| URL | http://www-ecimer-uygulamayukleme-govtr.com |
| URL | http://xn--20gb-tanmla-kullan-l0c.com |
| URL | http://hediye-internet.site |
| URL | http://kazanin20gbturkiye.com |
| IPv4 | 160.153.129.239 |
| IPv4 | 160.153.208.233 |
| IPv4 | 50.63.202.56 |
| IPv4 | 104.27.166.237 |