General

  • Target

    6e3499a5e63209b34ccc787a7ea57953ff5436b51ca4325ea0da4a958f44ea7b.zip

  • Size

    4.1MB

  • Sample

    211021-j4x3waahaj

  • MD5

    320552e65597be294f92ed148137d8e3

  • SHA1

    30e714c80092c80db03ae3efd23263b85a74e3e3

  • SHA256

    45025b1886bb9aaa606d499cee86b4a74176a11d5ff07344c7a98eaaf67ae92f

  • SHA512

    f08c064c3fce53b4252e5fca511d7259a199b6592ef07bdb152dfcaa744c0bd0f4c4fac73447691ed99effbc17e41519ff58854af161f10ec7562a8d2ab4bc86

Targets

    • Target

      6e3499a5e63209b34ccc787a7ea57953ff5436b51ca4325ea0da4a958f44ea7b.apk

    • Size

      4.3MB

    • MD5

      9ef4f52a6ed459eab6311a4a886ec1ea

    • SHA1

      6380e022ba149c072015389ab634a413f6662530

    • SHA256

      6e3499a5e63209b34ccc787a7ea57953ff5436b51ca4325ea0da4a958f44ea7b

    • SHA512

      34d9e5e63072eab73ea4a1b718d13de94ab277c091c4fa0029ff8f7bb6ea764bfb5520ebede1490ee279e2f823b4b52d10d6a604c0a61cd6ff3e1c8c70cbca98

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot Payload

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Uses Crypto APIs (Might try to encrypt user data).
