SHA1 packed:
- e6714a332e58e7e92b4eb72c7db8756253538cc0
SHA1 unpacked:
- 49dd6e33d64835152152b09b763e3603395b99de
A banking Trojan for Android OS, also known as Anubis. Distributed and disguised as an innocuous program. Based on the source code of the malicious application Android.BankBot.149.origin.
The Trojan can receive the following commands from the managing server:
- Send SMS – sending SMS messages containing a defined text to the number specified in the command;
- Start USSD – executing USSD-request;
- Get all SMS – sending copies of SMS messages stored on the device to the managing server;
- Get all installed applications – receiving information about applications installed;
- Show message box – showing a dialog box with the text specified in the command;
- Show push notification – showing push notifications whose contents are specified in the command;
- Automatically show push notification – showing push notifications whose contents are set in the Trojan's code;
- Start fake-locker – blocking the screen of the device window WebView, which showed the content received from the server web page;
- Get number from phone book – sending all the numbers from the contact list to the server;
- Sending SMS to your contacts – sending SMS messages to all numbers from the contact list;
- Request permission for injection – requesting permission to access data;
- Request permission for geolocation – requesting permission tor access device location;
- Start Accessibility Service – requesting access to accessibility features (Accessibility Service);
- Get all permissions – checking the availability of the additional permissions for functioning;
- Start permission – requesting access to additional permissions;
- Get IP Bot – determining an IP address of the infected smartphone or tablet;
- Kill Bot – cleaning up its configuration file and stopping own work.
