General

  • Target

    cfcf44609e78954ea1d7301e242d34495275c091b753f0a9d67693e588a38b28.apk

  • Size

    3.3MB

  • Sample

    210830-254f4y333a

  • MD5

    6075a15cd5d0acea8f112d2d680a307c

  • SHA1

    e5a9b8868e8f38067a2b358efacce9b1304e8dea

  • SHA256

    cfcf44609e78954ea1d7301e242d34495275c091b753f0a9d67693e588a38b28

  • SHA512

    75f7b013c2a7689a8a069a166be3e93dad19c6fcb2526f1e69bedc4241a5c8dd83904a8fa7d080e8815dca0db8c3b4f94388203d7ccd088b9e8d2d6663c1e4b5

Malware Config

Targets

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot Payload

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Reads name of network operator

      Uses Android APIs to discover system information.

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks