MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 731c0da8d74adbb557a0abd4ec2aa6c61e09d429560d76549881f08e564b27cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Anubis


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 731c0da8d74adbb557a0abd4ec2aa6c61e09d429560d76549881f08e564b27cd
SHA3-384 hash: 3bf167b6b74e67a82e7ce877f68527e541a946a795058dda84fae77c2d57c50521a53c669763df22174f9a21fe224cf1
SHA1 hash: 3d1d4445e5daa4e88adca360e45da9277c60eb4d
MD5 hash: c2df5601485a33aa2feb1cb3b00e1bac
humanhash: echo-cup-moon-mockingbird
File name:Aleyna_Tilki_Ifsa.apk
Download: download sample
Signature Anubis
Create hunting rule
File size:2'317'643 bytes
First seen:2021-12-07 21:36:25 UTC
Last seen:Never
File type: apk
MIME type:application/java-archive
ssdeep 49152:7mqf+e8Gt15R82zo8pHuxwmzxXHb2Vee82QTJf5GPQSQPza46f9JA9ETwQTZt:iqfwGt15R828EH3+XHb2ce82QVQQSQPa
TLSH T1C3B5332BCA0621E2F2ADC97445C260C57D5FAE278B4057EAF81F3844273BE902C5DA67
Reporter unidentified0xc
Tags:Anubis apk signed

Code Signing Certificate

Organisation:Android
Issuer:Android
Algorithm:sha1WithRSAEncryption
Valid from:2008-02-29T01:33:46Z
Valid to:2035-07-17T01:33:46Z
Serial number: 936eacbe07f201df
Intelligence: 1756 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
509
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Android.BankBot.11325.31261.2741.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/61afd402fa72c81b5b109684/reports/0c3f08c4-c3f9-4b34-a8cf-0ac8c183be7f/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/731c0da8d74adbb557a0abd4ec2aa6c61e09d429560d76549881f08e564b27cd
Result
Threat name:
Anubis BankBot Cerberus
Create hunting rule
Detection:
malicious
Classification:
rans.troj.spyw.expl.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/903472
Signature
Access the class loader (often done to load a new code)
Accesses FileOutputStream via Reflection
Detected Anubis / BankBot ransomware / banking trojan
Detected Cerberus Banking Trojan
Drops a new dex file
Removes its application launcher (likely to stay hidden)
Requests to ignore battery optimizations
Starts/registers a service/receiver on screen off
Strings related to ransomware found
Tries to disable the administrator user
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/731c0da8d74adbb557a0abd4ec2aa6c61e09d429560d76549881f08e564b27cd/
Threat name:
Android.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2021-12-07 23:30:08 UTC
File Type:
Binary (Archive)
Extracted files:
88
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  7/10
Tags:
android
Link:
https://tria.ge/reports/211207-1ggk2sgag9/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Anubis

apk 731c0da8d74adbb557a0abd4ec2aa6c61e09d429560d76549881f08e564b27cd

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1864110/
  
Delivery method
Distributed via web download

Comments