ioc[.]one - OSINT Cyber Threat Intelligence Database

Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store

Tags

cmtmf-attack-pattern:	Event Triggered Execution Location Tracking Masquerade As Legitimate Application
country:	Germany Finland South Korea Spain Singapore
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Abuse Elevation Control Mechanism - T1626 Abuse Elevation Control Mechanism - T1548 Broadcast Receivers - T1402 Application Versioning - T1661 Broadcast Receivers - T1624.001 Credentials - T1589.001 Data From Local System - T1533 Download New Code At Runtime - T1407 Event Triggered Execution - T1624 Event Triggered Execution - T1546 Input Injection - T1516 Javascript - T1059.007 Location Tracking - T1430 Malware - T1587.001 Malware - T1588.001 Masquerade As Legitimate Application - T1444 Obfuscated Files Or Information - T1406 Protected User Data - T1636 Server - T1583.004 Server - T1584.004 Data From Local System - T1005

Show in Graph

Common Information

Type	Value
UUID	1c593e64-dd5e-4f1f-932e-f0fbfe0b2149
Fingerprint	8d4535898dbaa7c9
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 27, 2024, midnight
Added to db	Aug. 31, 2024, 10:41 a.m.
Last updated	Nov. 17, 2024, 12:58 p.m.
Headline	Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store
Title	Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store
Detected Hints/Tags/Attributes	76/4/28

Source URLs

	Redirection	Url
Details	Source	https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google

URL Provider

Details	Provider	Source level domain
Details	zscaler.com	www.zscaler.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	406	✔	Security Research \| Blog Category Feed	https://www.zscaler.com/blogs/feeds/security-research	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	1	agent5.ae
Details	Domain	1	menusand.com
Details	Domain	1	becorist.com
Details	File	1	86.apk
Details	md5	1	718659f464c3231dc0eeeacfdcbdfa74
Details	md5	1	36089c60ce1bfc975c3b561abb67f0de
Details	md5	1	cb02f9e5a5671e3f13bc26d3017b8632
Details	md5	1	7c6f2ccd081b383c2a4924eb4c793d71
Details	IPv4	5	185.215.113.31
Details	IPv4	1	91.215.85.55
Details	MITRE ATT&CK Techniques	4	T1624
Details	MITRE ATT&CK Techniques	17	T1444
Details	MITRE ATT&CK Techniques	4	T1626
Details	MITRE ATT&CK Techniques	43	T1546
Details	MITRE ATT&CK Techniques	19	T1533
Details	MITRE ATT&CK Techniques	21	T1430
Details	MITRE ATT&CK Techniques	1	T1636
Details	MITRE ATT&CK Techniques	3	T1661
Details	MITRE ATT&CK Techniques	15	T1407
Details	MITRE ATT&CK Techniques	15	T1516
Details	MITRE ATT&CK Techniques	19	T1406
Details	Url	1	https://menusand.com/pdffile
Details	Url	1	https://menusand.com/hanihani
Details	Url	1	https://menusand.com/86.apk
Details	Url	1	http://185.215.113.31:85/api
Details	Url	1	http://91.215.85.55:85/api
Details	Url	1	https://becorist.com/juranfile
Details	Url	1	https://becorist.com/trani