General

  • Target

    083cc87dcf5eba8916aa006b98008c0a7ad78a1d6e7f59e09a05ccfeb60abe4e.apk

  • Size

    3.0MB

  • Sample

    210729-dk9834wxfe

  • MD5

    7f5d0f0a58dc2fb8712c468b647ed8a0

  • SHA1

    508e4d293d5c66f72d0e41c9408c37a9db51bd01

  • SHA256

    083cc87dcf5eba8916aa006b98008c0a7ad78a1d6e7f59e09a05ccfeb60abe4e

  • SHA512

    f90ec77a34c94a4fd8d18afa2ce48bcf66ea6d892732dca516d4b94ed6a410395b65b155cbf3e12a40f1a945be5cf738aaa5d6cb67159d349d58d6b4ee705f66

Targets

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot Payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Reads name of network operator

      Uses Android APIs to discover system information.

    • Uses Crypto APIs (Might try to encrypt user data).
