Analysis Summary
The Anubis banking trojan was developed in 2016 and has been used as a trojan, keylogger, and ransomware. Recent Anubis samples read the mobile device’s accelerometer to evade detection, staying dormant until the readings indicate a real, moving device rather than an analysis sandbox.
Fraudulent system update alerts and push notifications trick the user into disabling security controls, giving the malware full control of the device and allowing additional malware to be installed.
The malware detects installed financial applications and impersonates them.
Impact
Anubis banking trojan
Indicators of Compromise
URLs
Malware Hash (MD5/SHA1/SHA256)
Remediation
- Block the threat indicators at the respective controls.
- Be wary of suspicious emails from unknown senders.
- Never click on links or attachments sent by unknown senders.
- Keep software and operating systems up to date, as many malware variants prey on older, insecure versions.
- Exercise caution even when installing from official stores. Only follow links to applications from trusted sites, and if you’re in any doubt, don’t install.
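One way to carry out the first remediation step: normalising an advisory's defanged indicator list (the `[.]` domains and the mixed MD5/SHA1/SHA256 hash list in the layout used above) into per-type blocklists that can be loaded into the matching controls. This is an added example, not Rewterz tooling, and the indicators in it are constructed placeholders.

```python
import re

# Constructed sample in this advisory's layout: defanged domains/URLs plus a
# mixed MD5/SHA1/SHA256 hash list. Placeholder values, not real indicators.
SAMPLE = """\
URLs
- example-c2[.]invalid
- hxxp://update-check[.]invalid/app.apk
Malware Hash (MD5/SHA1/SHA256)
- 00112233445566778899AABBCCDDEEFF
- 0123456789abcdef0123456789abcdef01234567
- 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
- not-a-hash
"""

HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest lengths
HEX_RE = re.compile(r"^[0-9a-f]+$")

def refang(value: str) -> str:
    """Undo the usual defanging: '[.]' -> '.' and 'hxxp' -> 'http'."""
    return value.replace("[.]", ".").replace("hxxp", "http")

def classify_hash(value: str):
    """Return 'md5', 'sha1' or 'sha256' by hex length, or None if not a hash."""
    v = value.lower()
    if not HEX_RE.match(v):
        return None
    return HASH_TYPES.get(len(v))

def parse_iocs(text: str) -> dict:
    """Bucket an IoC section into refanged, lower-cased lists keyed by type."""
    buckets: dict = {}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("- "):
            section = line          # a heading such as 'URLs'
            continue
        value = refang(line[2:].strip()).lower()
        if section and section.startswith("Malware Hash"):
            kind = classify_hash(value) or "unparsed"   # keep, never drop
        elif section == "URLs":
            # full URLs and bare domains go to different blocking controls
            kind = "url" if "://" in value else "domain"
        else:
            kind = "unparsed"
        buckets.setdefault(kind, set()).add(value)
    return {k: sorted(v) for k, v in buckets.items()}
```

Anything under the hash heading that is not a recognisable digest lands in `unparsed` so a mangled indicator is reviewed rather than silently lost.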