Unboxing Anubis: Exploring the Stealthy Tactics of FIN7's Latest Backdoor
Essential information
- Published
- 20/03/2025 19:04
- Modified
- 21/03/2025 14:46
- Tags
- 2025-03-20 anubisbackdoor apt encryption financial crime hospitality-sector obfuscation phishing python
- Related entities
- 1 intrusion sets (apt), 17 techniques (mitre), 1 malware, 2 others
Description
FIN7, a notorious cybercrime group, has developed a new Python-based backdoor called AnubisBackdoor. This sophisticated tool employs multi-stage attacks, encryption, and obfuscation techniques to evade detection. The malware is distributed through phishing campaigns and uses AES encryption with multiple layers of obfuscation. AnubisBackdoor's core functionality includes network communication, system access, and anti-analysis features. It can execute commands, manipulate files, and gather system information. The backdoor maintains persistence through Windows Registry and uses a custom command protocol for C2 communication. This new tool demonstrates FIN7's continued evolution in developing covert communication channels and highlights their advanced capabilities in cybercrime operations.
External references
- https://feeds.feedblitz.com/~/915161810/0/gdatasecurityblog-en~Unboxing-Anubis-Exploring-the-Stealthy-Tactics-of-FINs-Latest-Backdoor
- https://www.gdatasoftware.com/fileadmin/web/general/images/blog/2025/03/G_DATA_Blog_Anubis_Backdoor_Title.jpg
- https://www.gdatasoftware.com/blog/2025/03/38161-analysis-fin7-anubis-backdoor
- https://otx.alienvault.com/pulse/67dc66bfb7805b74ba33d8f4