General

  • Target

    0013a9dd488055df0660bddd24a2c9fdbcb77baef8dd43607bfbcfa31f2e271c.apk

  • Size

    3.0MB

  • Sample

    210831-6z2zm3s3ex

  • MD5

    976eaa6314494b6e22af7f6704ee7148

  • SHA1

    9c7651e4b525203398d89b5097ea7599e21c43a7

  • SHA256

    0013a9dd488055df0660bddd24a2c9fdbcb77baef8dd43607bfbcfa31f2e271c

  • SHA512

    d61f59a3ce5a568b29b5f7169559c8f957819c8d2ec02cf14dd1db057ccbbfa766c4f50a8c00613aa2c606ec159786a32e75cdf67c8690007e4a2c2297dea1c3

Malware Config

Targets

    • Target

      0013a9dd488055df0660bddd24a2c9fdbcb77baef8dd43607bfbcfa31f2e271c.apk

    • Size

      3.0MB

    • MD5

      976eaa6314494b6e22af7f6704ee7148

    • SHA1

      9c7651e4b525203398d89b5097ea7599e21c43a7

    • SHA256

      0013a9dd488055df0660bddd24a2c9fdbcb77baef8dd43607bfbcfa31f2e271c

    • SHA512

      d61f59a3ce5a568b29b5f7169559c8f957819c8d2ec02cf14dd1db057ccbbfa766c4f50a8c00613aa2c606ec159786a32e75cdf67c8690007e4a2c2297dea1c3

    • FluBot

      FluBot is an android banking trojan that uses overlays.

    • FluBot Payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Reads name of network operator

      Uses Android APIs to discover system information.

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks