This study focuses on the Anatsa malicious code, a trojan designed specifically for Android devices. It has appeared since 2020 in multiple fraudulent SMS schemes in which logistics companies are impersonated in an attempt to get the user to install a malicious application.
This study contains a detailed technical report, drafted after analysing a sample that was located using indicators obtained from different sources of information. The aim is to identify the family to which this malicious code belongs and the actions it takes, in order to gather as much information as possible.
An IOC rule and a YARA rule are also included in this analysis to assist in the detection of samples belonging to this malware family.
The technical report includes:
- General information
- Summary of actions
- Detailed analysis
- Anti-detection and anti-reverse-engineering techniques