General
-
Target
2b26c52922e8d4f07e948f13970025d62c0d96bd0fe6802d0567fd2c73b94392.apk
-
Size
3.3MB
-
Sample
220616-w416ragehm
-
MD5
ac773cd2c075d4ad82659d9eaa369155
-
SHA1
6bc377e4a3e6e95ca74928837e3cced108cb625e
-
SHA256
2b26c52922e8d4f07e948f13970025d62c0d96bd0fe6802d0567fd2c73b94392
-
SHA512
d672521118ff3811d53f4ec72ef7c8807564d1fc0106c1a3e47106e5ec009589b16845bf4cbae0cf3fd26404fd1bbc0d48f7406a0632c107feee4b4d05efece7
Malware Config
Targets
-
-
Target
2b26c52922e8d4f07e948f13970025d62c0d96bd0fe6802d0567fd2c73b94392.apk
-
Size
3.3MB
-
MD5
ac773cd2c075d4ad82659d9eaa369155
-
SHA1
6bc377e4a3e6e95ca74928837e3cced108cb625e
-
SHA256
2b26c52922e8d4f07e948f13970025d62c0d96bd0fe6802d0567fd2c73b94392
-
SHA512
d672521118ff3811d53f4ec72ef7c8807564d1fc0106c1a3e47106e5ec009589b16845bf4cbae0cf3fd26404fd1bbc0d48f7406a0632c107feee4b4d05efece7
Score10/10-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot Payload
-
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
-
suricata: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses
suricata: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses
-
Makes use of the framework's Accessibility service.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Uses Crypto APIs (Might try to encrypt user data).
-