S0540 Asacub
Asacub is a banking trojan that attempts to steal money from victims’ bank accounts. It attempts to do this by initiating a wire transfer via SMS message from compromised devices.[1]
Item | Value |
---|---|
ID | S0540 |
Associated Names | Trojan-SMS.AndroidOS.Smaps |
Type | MALWARE |
Version | 1.0 |
Created | 14 December 2020 |
Last Modified | 16 December 2020 |
Associated Software Descriptions
Name | Description |
---|---|
Trojan-SMS.AndroidOS.Smaps | [1] |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
mobile | T1626 | Abuse Elevation Control Mechanism | - |
mobile | T1626.001 | Device Administrator Permissions | Asacub can request device administrator permissions.[1] |
mobile | T1437 | Application Layer Protocol | - |
mobile | T1437.001 | Web Protocols | Asacub has communicated with the C2 using HTTP POST requests.[1] |
mobile | T1532 | Archive Collected Data | Asacub has encrypted C2 communications using Base64-encoded RC4.[1] |
mobile | T1575 | Native API | Asacub has implemented functions in native code.[1] |
mobile | T1406 | Obfuscated Files or Information | Asacub has stored encrypted strings in the APK file.[1] |
mobile | T1636 | Protected User Data | - |
mobile | T1636.003 | Contact List | Asacub can collect the device’s contact list.[1] |
mobile | T1636.004 | SMS Messages | Asacub can collect SMS messages as they are received.[1] |
mobile | T1582 | SMS Control | Asacub can send SMS messages from compromised devices.[1] |
mobile | T1426 | System Information Discovery | Asacub can collect various pieces of device information, including device model and OS version.[1] |
mobile | T1422 | System Network Configuration Discovery | Asacub can collect various pieces of device network configuration information, such as mobile network operator.[1] |