The financially motivated threat actor known as FIN7 has been linked to a backdoor called Anubis (not to be confused with the Android banking trojan of the same name) that can give them remote access to compromised Windows systems.
“This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine,” a Swiss cybersecurity company noted in its technical report on the malware.
FIN7, also called Carbon Spider, ELBRUS, Gold Niagara, Sangria Tempest, and Savage Ladybug, is a Russian cybercrime group known for its constantly evolving and expanding set of malware families for obtaining initial access and exfiltrating data. In recent years, the threat actor is said to have moved on to operating as a ransomware affiliate.
In July 2024, the group was observed using a variety of online aliases to advertise a tool called AuKill (aka AvNeutralizer), which is able to terminate security tools, in a likely attempt to diversify its monetization strategy.
Anubis is believed to be distributed through malspam campaigns, which typically lure victims to a payload hosted on compromised SharePoint sites.
Delivered as a ZIP archive, the entry point of the infection is a Python script designed to decrypt and execute the main obfuscated payload directly in memory. Once launched, the backdoor connects to a remote server over a TCP socket, with the traffic encoded in Base64.
Responses from the server, also Base64-encoded, allow it to gather the host's IP address, upload/download files, change the current working directory, grab environment variables, alter the Windows Registry, load DLL files into memory using PythonMemoryModule, and terminate itself.
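For defenders, the Base64-over-raw-TCP exchange described above suggests a simple hunting heuristic: flag flows on non-web ports where payloads in both directions are nothing but Base64 that decodes to readable text. The sketch below is an added example, not code from either vendor report and not a signature for Anubis; the record layout, port set, thresholds and sample data are assumptions.

```python
import base64
import binascii
import re

B64_RE = re.compile(rb"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")
WEB_PORTS = {80, 443, 8080}  # assumption: traffic already inspected by a web proxy
MIN_LEN = 16                 # skip short payloads that look like Base64 by chance


def decodes_to_text(payload: bytes) -> bool:
    """True if the whole payload is valid Base64 that decodes to mostly printable text."""
    data = payload.strip()
    if len(data) < MIN_LEN or not B64_RE.fullmatch(data):
        return False
    try:
        decoded = base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in decoded)
    return printable / len(decoded) >= 0.9


def flag_flows(records):
    """records: (src, dst, dst_port, direction, payload) tuples from a sensor.
    Returns flows where BOTH directions carry Base64-wrapped text on a non-web port."""
    seen = {}
    for src, dst, port, direction, payload in records:
        if port in WEB_PORTS or not decodes_to_text(payload):
            continue
        seen.setdefault((src, dst, port), set()).add(direction)
    return sorted(flow for flow, dirs in seen.items() if dirs == {"out", "in"})


def b64(text: str) -> bytes:
    return base64.b64encode(text.encode())


# Constructed sample records (documentation-range addresses), not real traffic.
SAMPLE = [
    ("10.0.0.5", "203.0.113.10", 5555, "out", b64("host=WS-042 ip=10.0.0.5")),
    ("10.0.0.5", "203.0.113.10", 5555, "in", b64("change directory C:\\Temp")),
    ("10.0.0.7", "198.51.100.20", 25, "out", b"EHLO mail.example.org\r\n"),
    ("10.0.0.7", "198.51.100.20", 25, "out", b64("user@example.org:app-password")),
    ("10.0.0.9", "198.51.100.30", 8883, "out", b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc" * 3),
]

if __name__ == "__main__":
    for flow in flag_flows(SAMPLE):
        print("review flow:", flow)
```

Requiring both directions keeps one-sided Base64 (such as the constructed SMTP credential line) from firing; hits are leads for review, since other legitimate protocols also wrap text in Base64.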
In an independent analysis of Anubis, German security company G DATA noted that the backdoor also supports the ability to run what the operator sends as a shell command on the victim system.
“This allows attackers to perform actions such as keylogging, taking screenshots, or stealing passwords without storing these capabilities on the infected system,” PRODAFT said. “By keeping the backdoor as lightweight as possible, they reduce the risk of detection while maintaining flexibility to carry out further malicious activity.”