General

  • Target

    3d9e6c1c83f5ca47fe4d7e1596f250bf270047ec001fdfdea53e43b2b178d5e9.apk

  • Size

    3.4MB

  • Sample

    210730-nzgqhfj8ta

  • MD5

    9bb6b46f334a80524d6456d6226f45af

  • SHA1

    f10cbedd07a7a7eb6bd8bb4f108803fe8d5ebae0

  • SHA256

    3d9e6c1c83f5ca47fe4d7e1596f250bf270047ec001fdfdea53e43b2b178d5e9

  • SHA512

    3df535e19684a88516b77bfc2e749870b002ff2ed8850ed13ba4b98d065e3ae8282043e2df0871b6a23d9a173e308cecc778faa9e53d9d74cbd9736d831d13fe

Malware Config

Targets

    • Target

      3d9e6c1c83f5ca47fe4d7e1596f250bf270047ec001fdfdea53e43b2b178d5e9.apk

    • Size

      3.4MB

    • MD5

      9bb6b46f334a80524d6456d6226f45af

    • SHA1

      f10cbedd07a7a7eb6bd8bb4f108803fe8d5ebae0

    • SHA256

      3d9e6c1c83f5ca47fe4d7e1596f250bf270047ec001fdfdea53e43b2b178d5e9

    • SHA512

      3df535e19684a88516b77bfc2e749870b002ff2ed8850ed13ba4b98d065e3ae8282043e2df0871b6a23d9a173e308cecc778faa9e53d9d74cbd9736d831d13fe

    • FluBot

      FluBot is an android banking trojan that uses overlays.

    • FluBot Payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Reads name of network operator

      Uses Android APIs to discover system information.

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks