Overview

overview

10

Static

static

8

Android APK

android_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3fd63767e496f24015ff603de5ce964d1b62033c7eb651eda28d6cbe1ebf5835.apk

  • Size

    3.0MB

  • Sample

    210729-5xfbgyqeys

  • MD5

    3ab4aae038f6b206de84cbc129849a47

  • SHA1

    9a4eacacd7c1146e59757a3911e1b472da0286c9

  • SHA256

    3fd63767e496f24015ff603de5ce964d1b62033c7eb651eda28d6cbe1ebf5835

  • SHA512

    ac71119098107b772919629dee96d26c3ee0ea7f0753356032fcfccc525ae503d7d85ee2edacc7893c61e3e002bd74fa557721ede62092cf94e349ff7ea8be2a

Score
10/10
flubotandroidbankerinfostealerobfuscationransomwaresuricatatrojan

Malware Config

Targets

    • Target

      3fd63767e496f24015ff603de5ce964d1b62033c7eb651eda28d6cbe1ebf5835.apk

    • Size

      3.0MB

    • MD5

      3ab4aae038f6b206de84cbc129849a47

    • SHA1

      9a4eacacd7c1146e59757a3911e1b472da0286c9

    • SHA256

      3fd63767e496f24015ff603de5ce964d1b62033c7eb651eda28d6cbe1ebf5835

    • SHA512

      ac71119098107b772919629dee96d26c3ee0ea7f0753356032fcfccc525ae503d7d85ee2edacc7893c61e3e002bd74fa557721ede62092cf94e349ff7ea8be2a

    Score
    10/10
    flubotbankerinfostealerobfuscationransomwaresuricatatrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot Payload

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Reads name of network operator

      Uses Android APIs to discover system information.

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1

MITRE ATT&CK Matrix

Tasks