General

  • Target

    c0ddc0f427580ea6ed47c799d46778cf1a9baa8385ba50a3f83d291444e04535 (1).apk

  • Size

    3.0MB

  • Sample

    210901-tt8tctlylj

  • MD5

    ec815819fee4fbda61106aa027f42c4d

  • SHA1

    27edea4d5a34cf462f0e77f6d2bbee8f17f9e27a

  • SHA256

    c0ddc0f427580ea6ed47c799d46778cf1a9baa8385ba50a3f83d291444e04535

  • SHA512

    779a1745e1afd5b263daf6d73049df40134331294e175df80c17ff55b9b67497f9b812c3685cf3bcfc5f260b6d0269fc172e6c1b17fd59748a33471c7f973bbb

Targets

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot Payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Reads name of network operator

      Uses Android APIs to discover system information.

    • Uses Crypto APIs (Might try to encrypt user data).
