Unboxing Anubis: Exploring the Stealthy Tactics of FIN7's Latest Backdoor

March 21, 2025, 2:46 p.m.

Description

FIN7, a notorious cybercrime group, has developed a new Python-based backdoor called AnubisBackdoor. This sophisticated tool employs multi-stage attacks, encryption, and obfuscation techniques to evade detection. The malware is distributed through phishing campaigns and uses AES encryption with multiple layers of obfuscation. AnubisBackdoor's core functionality includes network communication, system access, and anti-analysis features. It can execute commands, manipulate files, and gather system information. The backdoor maintains persistence through the Windows Registry and uses a custom command protocol for C2 communication. This new tool demonstrates FIN7's continued evolution in developing covert communication channels and highlights the group's advanced capabilities in cybercrime operations.

Date

  • Created: March 20, 2025, 7:04 p.m.
  • Published: March 20, 2025, 7:04 p.m.
  • Modified: March 21, 2025, 2:46 p.m.

Attack Patterns

Additional Information

  • Hospitality
  • Finance