Asacub is a banking trojan that attempts to steal money from victims’ bank accounts. It attempts to do this by initiating a wire transfer via SMS message from compromised devices.^[1]

ID: S0540

ⓘ

Associated Software: Trojan-SMS.AndroidOS.Smaps

ⓘ

Type: MALWARE

ⓘ

Platforms: Android

Version: 1.0

Created: 14 December 2020

Last Modified: 16 December 2020

Associated Software Descriptions

Name	Description
Trojan-SMS.AndroidOS.Smaps	^[1]

Techniques Used

Domain	ID	Name	Use
Mobile	T1432	Access Contact List	Asacub can collect the device’s contact list.^[1]
Mobile	T1412	Capture SMS Messages	Asacub can collect SMS messages as they are received.^[1]
Mobile	T1532	Data Encrypted	Asacub has encrypted C2 communications using Base64-encoded RC4.^[1]
Mobile	T1476	Deliver Malicious App via Other Means	Asacub has been spread via phishing SMS messages that contain a link to a website that hosts the malicious APK file.^[1]
Mobile	T1401	Device Administrator Permissions	Asacub can request device administrator permissions.^[1]
Mobile	T1444	Masquerade as Legitimate Application	Asacub has masqueraded as a client of popular free ads services.^[1]
Mobile	T1575	Native Code	Asacub has implemented functions in native code.^[1]
Mobile	T1406	Obfuscated Files or Information	Asacub has stored encrypted strings in the APK file.^[1]
Mobile	T1582	SMS Control	Asacub can send SMS messages from compromised devices.^[1]
Mobile	T1437	Standard Application Layer Protocol	Asacub has communicated with the C2 using HTTP POST requests.^[1]
Mobile	T1426	System Information Discovery	Asacub can collect various pieces of device information, including device model and OS version.^[1]
Mobile	T1422	System Network Configuration Discovery	Asacub can collect various pieces of device network configuration information, such as mobile network operator.^[1]

References

T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020.

Asacub

Associated Software Descriptions

Mobile Layer

Techniques Used

References