General

  • Target

    d3427a1dcd1fb49023f16ca081b8475751074f3e728287f31c23158b91f5a5ff

  • Size

    6.2MB

  • Sample

    220207-a31b6sddb5

  • MD5

    c26488c3b994074e06885297e45a068d

  • SHA1

    69981e6af25691dbfd75276a42052ebfe29d10e9

  • SHA256

    d3427a1dcd1fb49023f16ca081b8475751074f3e728287f31c23158b91f5a5ff

  • SHA512

    4b4a0d79d52028d355774296ba98788d19a0969f1b3f93be55563f2b80d51d16695d966b37415a5d189a315cfcdb25b6dc5c65623807c9d6ea3d8213529f9aa0

Targets

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot Payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Uses Crypto APIs (might try to encrypt user data).
