General

  • Target

    dcb5e9c2f2c7c2a94b6419527361790132af20d60e681ca87c0c5257393cbac8.apk

  • Size

    5.6MB

  • Sample

    211221-np6tpadcb8

  • MD5

    2146bdd30739a241a5b24a75fa4e1fb3

  • SHA1

    b61dfece6027e320552bdd263bb7e7805837b550

  • SHA256

    dcb5e9c2f2c7c2a94b6419527361790132af20d60e681ca87c0c5257393cbac8

  • SHA512

    34b6cd20d4a83dc79c18a8a7440ad76683c2167dbff9f7587c4abf3992fe4764067794eb508df8d7d1ec4c7f15e80b54ae78d5914ab5143fa601f20f13e5c895

Targets

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot Payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    • Uses Crypto APIs (Might try to encrypt user data).
