General

  • Target

    7fecfa6082c8bfa28b465f31764da02cb31f3965a066f2354d02bcd6b79ea97c.apk

  • Size

    3.3MB

  • Sample

    210906-lznpraeagm

  • MD5

    2de63eeffcc758cd7b1757f4a4c29b4e

  • SHA1

    f21fb06abe67745f71a9136e06aa1dda36c8b870

  • SHA256

    7fecfa6082c8bfa28b465f31764da02cb31f3965a066f2354d02bcd6b79ea97c

  • SHA512

    f7c63be74c00efb5ffd569396de197b97d4f3b2cbed8fcf3904158b00897c3ef0baa0e34e51d7fcb9333fc3284d30eba579eecc17fd59a92776e50ded8985ed2

Targets

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot Payload

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz


    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Reads name of network operator

      Uses Android APIs to discover system information.

    • Uses Crypto APIs (Might try to encrypt user data).
