Overview

overview

10

Static

static

7

DHLhMobile.apk

android_x86

10

DHLhMobile.apk

android_x64

10

DHLhMobile.apk

android_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHLhMobile.apk

  • Size

    5.2MB

  • Sample

    220322-l5h2fsehd4

  • MD5

    82f848cf5943c98da62dc84c7a5d7714

  • SHA1

    f650d3a2b3f9bb53966dce00e8f0408e519721f9

  • SHA256

    8f58bd456a7ff10ae86db10cb90697d9894e9f310d139852ba3302d02ca4fe6b

  • SHA512

    88879ae32a58f3cb75552d49b365dc59824ee407a804604b77dc4ca836bf4502e842a14ad0114c48a2aa01cd7d97424369a2a2a5b7ac7a9b9f13d9c81511fa62

Score
10/10
flubotandroidbankerevasioninfostealerransomwaretrojan

Malware Config

Targets

    • Target

      DHLhMobile.apk

    • Size

      5.2MB

    • MD5

      82f848cf5943c98da62dc84c7a5d7714

    • SHA1

      f650d3a2b3f9bb53966dce00e8f0408e519721f9

    • SHA256

      8f58bd456a7ff10ae86db10cb90697d9894e9f310d139852ba3302d02ca4fe6b

    • SHA512

      88879ae32a58f3cb75552d49b365dc59824ee407a804604b77dc4ca836bf4502e842a14ad0114c48a2aa01cd7d97424369a2a2a5b7ac7a9b9f13d9c81511fa62

    Score
    10/10
    flubotbankerevasioninfostealerransomwaretrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot Payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

      banker

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    • Removes a system notification.

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks