Overview

overview

10

Static

static

7

4859ab9cd5...8c.apk

android_x64

10

Resubmissions

19-01-2022 11:21

220119-nge11ahce2 10

19-01-2022 11:18

220119-nehn4shchl 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

  • Size

    6.0MB

  • Sample

    220119-nge11ahce2

  • MD5

    06371fc75740162de9e6275102012e6c

  • SHA1

    9b45243e89541ae26fea5ff2b9c7d14ff69044ed

  • SHA256

    4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

  • SHA512

    c865d89143effb176c4be93fc16f54e06d248f5b7e22ffbf19754137f9da181f6d7f6019cdb28d2d7964375b1978a255c475dd3d17487fddb9fa0e4eda8bf248

Score
10/10
flubotandroidbankerinfostealerransomwaretrojan

Malware Config

Targets

    • Target

      4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

    • Size

      6.0MB

    • MD5

      06371fc75740162de9e6275102012e6c

    • SHA1

      9b45243e89541ae26fea5ff2b9c7d14ff69044ed

    • SHA256

      4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

    • SHA512

      c865d89143effb176c4be93fc16f54e06d248f5b7e22ffbf19754137f9da181f6d7f6019cdb28d2d7964375b1978a255c475dd3d17487fddb9fa0e4eda8bf248

    Score
    10/10
    flubotbankerinfostealerransomwaretrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot Payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

      banker

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1

MITRE ATT&CK Matrix

Tasks