6e3499a5e63209b34ccc787a7ea57953ff5436b51ca4325ea0da4a958f44ea7b.zip

General
Target

6e3499a5e63209b34ccc787a7ea57953ff5436b51ca4325ea0da4a958f44ea7b.zip

Size

4MB

Sample

211021-j4x3waahaj

Score
10/10
MD5

320552e65597be294f92ed148137d8e3

SHA1

30e714c80092c80db03ae3efd23263b85a74e3e3

SHA256

45025b1886bb9aaa606d499cee86b4a74176a11d5ff07344c7a98eaaf67ae92f

SHA512

f08c064c3fce53b4252e5fca511d7259a199b6592ef07bdb152dfcaa744c0bd0f4c4fac73447691ed99effbc17e41519ff58854af161f10ec7562a8d2ab4bc86

Malware Config
Targets
Target

6e3499a5e63209b34ccc787a7ea57953ff5436b51ca4325ea0da4a958f44ea7b.apk

MD5

9ef4f52a6ed459eab6311a4a886ec1ea

Filesize

4MB

Score
10/10
SHA1

6380e022ba149c072015389ab634a413f6662530

SHA256

6e3499a5e63209b34ccc787a7ea57953ff5436b51ca4325ea0da4a958f44ea7b

SHA512

34d9e5e63072eab73ea4a1b718d13de94ab277c091c4fa0029ff8f7bb6ea764bfb5520ebede1490ee279e2f823b4b52d10d6a604c0a61cd6ff3e1c8c70cbca98

Signatures

  • FluBot

    Description

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload

  • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

  • Loads dropped Dex/Jar

    Description

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.

  • Uses Crypto APIs (Might try to encrypt user data).

Related Tasks

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

static1

7/10