Overview

overview

10

Static

static

7

sample.apk

android_x86

10

sample.apk

android_x64

10

sample.apk

android_x64

10

Resubmissions

22-10-2021 12:26

211022-pl9xlscebm 10

22-10-2021 12:24

211022-plhs5acebl 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    30937927e8891f8c0fd2c7b6be5fbc5a05011c34a7375e91aad384b82b9e6a67.bin.sample.gz

  • Size

    6.1MB

  • Sample

    211022-pl9xlscebm

  • MD5

    8115af3b5ae2ddef03a541ecace82499

  • SHA1

    1105a2a67df0d1b30f5971f219b477b93f8e0c61

  • SHA256

    4d04c922d7d03c53e603ec4c155ce497a945d86c41f6747e3eed39e4e06d43b9

  • SHA512

    fd8e7062e05efec7695940146601e9161da26309548d91a85a104e7be2ce09f8148b9fb5ebfcd4d8fe45dd7d7b2805e60433815d7b4f5ac976737a798bfea3f2

Score
10/10
flubotandroidbankerinfostealerransomwaresuricatatrojan

Malware Config

Targets

    • Target

      sample

    • Size

      6.1MB

    • MD5

      1a2a4044cf18eed59e66c413db766145

    • SHA1

      4e6e9995c3792d8cbcdd8aeb762bb0a6f74cef68

    • SHA256

      30937927e8891f8c0fd2c7b6be5fbc5a05011c34a7375e91aad384b82b9e6a67

    • SHA512

      cc069b2cc2e3c55190b0c840d98b2f6612e7779c759a24dfd903d96a028f5375ef806c40910efb98d566cef276557dab5cba13397cedc9a1ad56c1d2e1727ae8

    Score
    10/10
    flubotbankerinfostealerransomwaretrojansuricata

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot Payload

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks