General

  • Target

    DHL52.apk

  • Size

    5.3MB

  • Sample

    211214-kqp1safdf5

  • MD5

    61ff170d4f7dabc86da8fb0f60bf36ad

  • SHA1

    3ba9a692d3d62284f279c75e4cfa0e5b69184e72

  • SHA256

    af83e659196774e779b22038e11c4b0a4665d082064fe997510634000fdb0222

  • SHA512

    937cc378c9a71bcddc6a798ff53374cb260363fc683ced7ea9130ff21a6071ff04bad8f2eda907172bc665f9d9cd0d8e9da3028a79684e73f26a9bb46ea5d2a2

Targets

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot Payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Uses Crypto APIs (Might try to encrypt user data).
