General
-
Target
df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f
-
Size
5.5MB
-
Sample
220128-mh7a7sbbak
-
MD5
42331cf55ee2174ac0d137d27633f7ea
-
SHA1
c67ce535777198f1bac3a7b7bd34817255c05e13
-
SHA256
df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f
-
SHA512
ffef78b5f7507cf444f9b1b03f5d655b4c88b6c9d00fa10455179d63003d2cd52b120d5ec81fa031bd920f711f5a3cf42d804da51f418314779de4e508336d32
Malware Config
Targets
-
-
Target
df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f
-
Size
5.5MB
-
MD5
42331cf55ee2174ac0d137d27633f7ea
-
SHA1
c67ce535777198f1bac3a7b7bd34817255c05e13
-
SHA256
df98a8b9f15f4c70505d7c8e0c74b12ea708c084fbbffd5c38424481ae37976f
-
SHA512
ffef78b5f7507cf444f9b1b03f5d655b4c88b6c9d00fa10455179d63003d2cd52b120d5ec81fa031bd920f711f5a3cf42d804da51f418314779de4e508336d32
Score10/10-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot Payload
-
Makes use of the framework's Accessibility service.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data).
-