Resubmissions

  • 26-05-2022 16:15: 220526-tp7c4sghbm (10)
  • 27-04-2022 14:06: 220427-rehkwscdel (10)

General

  • Target: Voicemail.apk
  • Size: 5.8MB
  • Sample: 220526-tp7c4sghbm
  • MD5: 77da191edf9bd56bd550c47d28519848
  • SHA1: 526856561d862131a8866732bcd8c63b70069968
  • SHA256: 32d11dd0c65f101499a7c94eeae319afc43bfd0f730733a3357d294ef94c9a11
  • SHA512: 3719b675353c3bb78dc1aa4cf79ae4da1df192762a422b586545bad6a724db55bbc9a9e5ec3d76253816af97276d967afa7689783d6f2bc0ea9cc51475975406

Malware Config

Targets

    • FluBot: FluBot is an Android banking trojan that uses overlays.
    • FluBot Payload
    • Creates a large amount of network flows: this may indicate a network scan to discover remotely running services.
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Removes a system notification.
    • Uses Crypto APIs (might try to encrypt user data).

MITRE ATT&CK Enterprise v6

Tasks