Extracted

• • Target

    78d6dc4d6388e1a92a5543b80c038ac66430c7cab3b877eeb0a834bce5cb7c25

  • Size

    4.8MB

  • MD5

    23d92d04a25f2bfea3d2f147cd79be8e

  • SHA1

    956308322bd9d64e9258986d9c5f64439a2c23a3

  • SHA256

    78d6dc4d6388e1a92a5543b80c038ac66430c7cab3b877eeb0a834bce5cb7c25

  • SHA512

    3dcd00d0eeed37f3a912922146cc867de568545ac721257d405154fb05628793f8fa13f340ece6c70a4dd982e95ba53a8b5a83dd17e98cc17be156a7839c17b2

  • SSDEEP

    98304:y4zbjHHYuxJ8GfFaqFGYrVPl7ybvuGP3IpwK98g8ovvSWWZiW:yq3Yuxy4LGYRdun3IpwoV5qWWL

  Score

  10^/10

  flubotbankerdiscoveryevasioninfostealerransomwaretrojan

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot

  • FluBot payload

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Makes use of the framework's Accessibility service.

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Removes a system notification.

    evasion

  • Uses Crypto APIs (Might try to encrypt user data).

    ransomware
  behavioral1behavioral2behavioral3