Resubmissions

24-05-2022 16:23

220524-tv7aasdban 10

12-05-2022 07:29

220512-jbdhrsbae3 10

General

  • Target

    7435006123.zip

  • Size

    5.2MB

  • Sample

    220512-jbdhrsbae3

  • MD5

    b0d55e510fb5bcbe0c315ecd5076485f

  • SHA1

    7c71bfb2e3aa2af41b2baf6decb2548cb35e0b4d

  • SHA256

    97b06e81c5aff31d6742403e2c2eee8375725141cd60468ad204b3b33ae638af

  • SHA512

    e7d650ed4fc21c69f498a8bd754f97b2a118218a5983bddc2173999898415443c13eb0b13e439cbbd5be0bfbfa210c530a27dceba06080ded837c402e445a6ce

Malware Config

Targets

    • Target

      739616a8a8b6081d3a28d8aae27aa54f2345529cf804a039ba840286c65b5cdc

    • Size

      5.4MB

    • MD5

      88bd05585cfd9d2dca31db8d259bda3a

    • SHA1

      fd80eb218428687a88af0d2f309c0200de79b3e5

    • SHA256

      739616a8a8b6081d3a28d8aae27aa54f2345529cf804a039ba840286c65b5cdc

    • SHA512

      e0356ba5b902a411242f55a04dce8fe494cd9c7f093e8d0f7537612fcea8fe383ce09a140e776ced79ebae0966188cccb72e10648a337bf5a8f5e603a478ee25

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot Payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    • Removes a system notification.

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks