General

  • Target

    c9cd80c2428c1116a62d5f7585edccac4fa59e1ba45a8ca460a865d814127c6c.apk

  • Size

    3.0MB

  • Sample

    210728-ggb44txcs6

  • MD5

    d8c0bd2a7262f3b2740a3054b7ba449c

  • SHA1

    ab617774f1f65be4cda21d8f8dacd87e7f0926ad

  • SHA256

    c9cd80c2428c1116a62d5f7585edccac4fa59e1ba45a8ca460a865d814127c6c

  • SHA512

    5e1a58272332332146301c5d4c8241a8fa85682ffbfe8523e4d6d37ea525c130121b30f78ecd6dc3fef3fd3202caf13cf08cebb2c15c49c4c174da3ef063c316

Targets

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot Payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Reads name of network operator

      Uses Android APIs to discover system information.

    • Uses Crypto APIs (Might try to encrypt user data).
