General

  • Target

    Voicemail86.apk

  • Size

    5.0MB

  • Sample

    211126-spm4ssgdf4

  • MD5

    749510b3010a45fea2d2763476e17511

  • SHA1

    79589fd0ba7c1d0afc8c3d1e22ed60a38585348e

  • SHA256

    df5944f9190614f04a8818a50438dfaf3339fa95289cdc0af54f8f239eb253fd

  • SHA512

    b98e95c300068d9273a0e8143f2c9fec31abd8d806cd653dc83ed580a07bda1de6d442a0540e4db5a0abd86dbfd67f012aa6fdcc0ac1b6e9803b0c65bc11c3e4

Targets

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot Payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    • Uses Crypto APIs (Might try to encrypt user data).
