General

  • Target

    373c2b77c58c03b04d7972a004490306f28b83679a35deb104e53cb21918fa4b.apk

  • Size

    3.0MB

  • Sample

    210729-y6jgxxswnj

  • MD5

    3b2255d30c0219d4073fe73b4b65f00e

  • SHA1

    1de2e5082e302242e768cc00d37283d93399e5c8

  • SHA256

    373c2b77c58c03b04d7972a004490306f28b83679a35deb104e53cb21918fa4b

  • SHA512

    68ebcb91c53bfd634e62b0f8c64f6463f7936a1da4978e8467762a5e72676606fd50321850782aedac02d6fccf9f4e84ae8b86953e4d73ecfa30360d4be5c65b

Targets

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot Payload

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Uses Crypto APIs (Might try to encrypt user data).
