General

  • Target

    692f0722d6a744c09c8d9ccf18c11a57fb32ba664883b2fbd1dadcdcd9aeb6f7.apk

  • Size

    3.0MB

  • Sample

    210922-jry5eaefal

  • MD5

    a25e35c409121d90150ad93898131806

  • SHA1

    e55270e1095869918b919e758bb802cd4ae3e6d3

  • SHA256

    692f0722d6a744c09c8d9ccf18c11a57fb32ba664883b2fbd1dadcdcd9aeb6f7

  • SHA512

    8090412f9b821a7d3a3951064faddb26cbc695d251bb3d2113616809c50986ba4a012052461010488c0abf5525655116eba8e0647cac0d1b57deef3a11078699

Targets

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot Payload

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Reads name of network operator

      Uses Android APIs to discover system information.

    • Uses Crypto APIs (Might try to encrypt user data).
