Resubmissions

29-09-2021 21:36

210929-1fy4psgaan 10

29-09-2021 11:16

210929-ndbt6sehaq 10

General

  • Target

    cf7bad7f9acd8c5ee2643bf34c02ee38e57cddfd3c8810100e253a3a9e5cafbf.apk

  • Size

    2.4MB

  • Sample

    210929-1fy4psgaan

  • MD5

    348d581128e60243481f88e5198beaa0

  • SHA1

    c16ba8fefb39f22eb58f6bca5b10ba76c2d88f16

  • SHA256

    cf7bad7f9acd8c5ee2643bf34c02ee38e57cddfd3c8810100e253a3a9e5cafbf

  • SHA512

    cc752187dbe88cb469dbfb675020c09d1d469fd5e05d619095e7a08ffb882ed52395aab21a132737f901ca2db94de61b3c61f4a1b4ec568a808932763a6d9cc5

Targets

    • Target

      cf7bad7f9acd8c5ee2643bf34c02ee38e57cddfd3c8810100e253a3a9e5cafbf.apk

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot Payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Uses Crypto APIs (Might try to encrypt user data).
