Resubmissions

25-09-2023 22:58

230925-2xtqzscf4s 10

25-09-2023 12:39

230925-pvwfksgb78 10

General

  • Target

    4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

  • Size

    6.0MB

  • Sample

    230925-2xtqzscf4s

  • MD5

    06371fc75740162de9e6275102012e6c

  • SHA1

    9b45243e89541ae26fea5ff2b9c7d14ff69044ed

  • SHA256

    4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

  • SHA512

    c865d89143effb176c4be93fc16f54e06d248f5b7e22ffbf19754137f9da181f6d7f6019cdb28d2d7964375b1978a255c475dd3d17487fddb9fa0e4eda8bf248

  • SSDEEP

    98304:fC3rjZ1lQTKUHiLoQwaFaxCiFXzTVNeWr4kUCzwHrqrtQUn5HHOwBFyxrlV:fCvlLLNwaF8DhX4k9SrEbBFyN3

Malware Config

Targets

    • Target

      4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

    • Size

      6.0MB

    • MD5

      06371fc75740162de9e6275102012e6c

    • SHA1

      9b45243e89541ae26fea5ff2b9c7d14ff69044ed

    • SHA256

      4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

    • SHA512

      c865d89143effb176c4be93fc16f54e06d248f5b7e22ffbf19754137f9da181f6d7f6019cdb28d2d7964375b1978a255c475dd3d17487fddb9fa0e4eda8bf248

    • SSDEEP

      98304:fC3rjZ1lQTKUHiLoQwaFaxCiFXzTVNeWr4kUCzwHrqrtQUn5HHOwBFyxrlV:fCvlLLNwaF8DhX4k9SrEbBFyN3

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

    • Uses Crypto APIs (Might try to encrypt user data).

    • Target

      appx/af-appx.min.js

    • Size

      570KB

    • MD5

      b6eb04363e88ceb02983493d0d415a76

    • SHA1

      00faa2d27a8c2cd70f261cb17a53884181d44ee5

    • SHA256

      60ede3350d57014350598f985e240c65d0fef70ec003546c35debaaa707737fa

    • SHA512

      da4149950427d6341021a6073216355f28d318801c01d84fedcfd4e011e038ed28a743fbd6eb737bd9a995a5135de157e598be79a704ea0eabf9b835bbcad0f8

    • SSDEEP

      6144:KZz1+/1/N8ezA6ctPpX92pM1Og12wj11W19yK7RLQjAayjUaC7Tiq/0TkzIF:q6dicmtPj9K7RLQjAayjUaC7T0TkA

    Score
    1/10
    • Target

      appx/af-appx.worker.min.js

    • Size

      425KB

    • MD5

      ee95e302665633407abe6a8fddf06d4b

    • SHA1

      9ef5894a6e2ecee4d20cc53bf3eaf865568e2aff

    • SHA256

      801783c0a71ff48d9b29a775cd47597ad5bf0a6aa0c15dd4e1023a3eaefef149

    • SHA512

      b6dd91a847c67c3f8976a9d80beff6f1361a097dd7fabb68eb8853e8a055a66b8404c12e42baf573af6a4f3e85ef79a1918606081a5ef2595667373e8821f358

    • SSDEEP

      6144:CVdAA/7HtAt9HqZb/q4l56eZkr28dCvOlpaSYRv359ls+N:CVdAEHWt9KN/nl5Sa8dCvqaSYRx9ls+N

    Score
    1/10
    • Target

      appx/es6-promise.min.js

    • Size

      6KB

    • MD5

      87386dc55ba8a0148b2b368daa730e3a

    • SHA1

      721f69e52595a309169781c6fd9f31b5cb971b94

    • SHA256

      c0e9849f5a195abee01fb0c70da42c232c6cc0ec226f67d54ab31975f2eedf9a

    • SHA512

      d60c1edf9adba7440bdee328ddb80af8470aaa19b2bd90b03746738eefb066929d0c8a9b824fed7d64f22fc643ea9db27413747425917f635d681490ad098a67

    • SSDEEP

      96:+0jEIlgBtFX762eQAl25zU2sycRu56+NUXvfRW2CjwqKbq5hizUfUAEvm0r/GzR:+NXt22vdcR1tqKbDAENrGR

    Score
    1/10
    • Target

      appx/index.html

    • Size

      1KB

    • MD5

      2b186fa99270394f1ef2a19604832708

    • SHA1

      b423eb5c7821436d81ddd99b87f4b664a367bc13

    • SHA256

      a41346e3edd7b683b8eab44f9b7234d5758cd76d05f9956ebd519f92c0a94f0c

    • SHA512

      1271fedbc6b03c6626761e0b36a903a0ffd36a7ae5cfe67cfa97bf3cbc905e21819fadc1d9a567763d99842af5e02064d6bb2ff9e56032fb894d66b54cbcab2b

    Score
    1/10
    • Target

      appx/security-patch.min.js

    • Size

      731B

    • MD5

      9af9636e96667b6e51fd8820ea64bcec

    • SHA1

      9945a97db54b07812fe8c9384f2381c0cf7a5b59

    • SHA256

      9c55d51b975b03f274f228d9b6ce303accb0df522b58d6aded2cd5c577e89f79

    • SHA512

      6273caeb43d33462f42708d3b326fff27dd552dccf129ea71943ee7c5e9a150ca0205498e58c71567148370b5871ebdc9ff33b05645b886e968938648870089b

    Score
    1/10
    • Target

      MOBILEIC@idNoMacau

    • Size

      12KB

    • MD5

      38437a4009f05c38b1d4dc62be2e3a67

    • SHA1

      b1e6a40fe7e597dbe1a12bd08b3960dee2412238

    • SHA256

      8cfc9a1d8f446f6fb0251bc4705b624722946756215dc7e6d1008c013123015d

    • SHA512

      3abb012e37066c60367255cb1a302a7d671eb79f59c43a91cfaf26594b0426e6bf512ec7cf528f1c6e1d0d80e1da0bacd52ee9dcf6f3d0cf2d7e2cb65da14208

    • SSDEEP

      96:t+TngYnQeIqg6jEvx4UhlQ9Ja6NmnaIqg6GrvbV2kDRUugKMb08NAW0r6lQo+MDX:4gYYzQ9J3u0kDRCKN6lQjvOX

    Score
    1/10
    • Target

      MOBILEIC@secret-question

    • Size

      9KB

    • MD5

      55bbfd0cfedd4e8356d7016a16c1ae1d

    • SHA1

      cda6a1318a31e99a7e905ded1f22e3108eff6167

    • SHA256

      f2cd555da76b2dd6e19467c630172b6cf090367166127cc841e0baadb4e04a30

    • SHA512

      aacaa4ba39395f75e0071d755a95827eca5c385ff994d94a73e4d742d729fbcdc8e02bbcd94c216e67aae04656c517ffaddeb597be45de657d1b606b3f89d8e5

    • SSDEEP

      96:zd+DL4y3Z8JyKhj0ZPlG8AnRuQuL+JBwwfwcxHh4RJU618upd2qP:zu4y3Z8JyCGlG8AnRupL+JBFw0Ez

    Score
    1/10
    • Target

      QUICKPAY@card-no-flex

    • Size

      5KB

    • MD5

      0f03a81b0a45aa562a7000166255ccbe

    • SHA1

      a25dc16c49920997964231ae30b347e6ea4fb8a6

    • SHA256

      add2c7fc3367b8b063b5ade4f258de93b3f16e386abaaedffb9dbf8bae62d294

    • SHA512

      275caf7f94e61901d55ab05d24fcb4d2d88adc037699c745762539ada489da42cfcd992ff483420b1349410f37c20c471da6274d3f5c78191e1805e64d4583b0

    • SSDEEP

      96:zVkRITsdxQY2GGSNgiJlG4ReBf6gkUgKJ7ZJuRZMen/SQ:zjszQY2FFAlG4ReBf6gkUgxf

    Score
    1/10
    • Target

    • Size

      3KB

    • MD5

      55acfe384eae522d3d9e0c046ef9bd53

    • SHA1

      fbcf05fd0ad0569b4afc35c3bd8885b042832b77

    • SHA256

      62ffd64e012a83d114bd8e15c45808773d66852ce385599a8f8a0fd5d7acc87b

    • SHA512

      32043682d12cd10e24ea18d9a636b7f03ef688596818b1e2f15b090bdf69251fb2b69136231c418616fa95d3d3d514ae98b529c7a76d3f286828029cc574c0b3

    Score
    1/10
    • Target

      QUICKPAY@pwd-validate-flex

    • Size

      5KB

    • MD5

      7abc912426e02eb2071541e7551a8657

    • SHA1

      40d5ae4e19f2e9ce42378747df402037bfa1c564

    • SHA256

      619867085287fd43fc03e6fd71bfe1df16c0681ca3f2eca3a0aeafcaaa9df167

    • SHA512

      c4fc86eb474ce6b12f102aab4c0e0ea0a14ed52a98aa40d8289426e2554d02c09bf78edc9360a88eabd6883be6dfe7f4719499c8215018ab518dd1b70ce88c2a

    • SSDEEP

      96:zkRpofwnp27tVBWPZDnWgN1W0vY9zD17nzvZJDRRFWqvsPyJVFTdn:AofK87QWnG+rzfxzln

    Score
    1/10
    • Target

      QUICKPAY@recommend-setspwd-flex

    • Size

      3KB

    • MD5

      f5bcfc5b47c55815da1b289dc7887791

    • SHA1

      b768856e9281c4b563f0e7a8719305e2dbaa1cd3

    • SHA256

      79532d1c255cbb499fb016aed3f7641c64c5181c98ff5fbeb03166305b3006c5

    • SHA512

      121ce54f4155dfcf1f2376a5052c4c9f8244dd78921301db321f482f4db85561a32a2c1281a4c788a8935c64b64dbcff4250da7babc3ec47f76faecfb124ea19

    Score
    1/10
    • Target

      QUICKPAY@waika-select-country-and-area-flex

    • Size

      3KB

    • MD5

      7e94e58b8567cb98fda48343f7e06514

    • SHA1

      17c15dfefeb91fda28567c160cb107a1bcf255ba

    • SHA256

      a490ca25320a35b41b3e922d66ef36432dee17adf69688e304a5960486a5877b

    • SHA512

      9924f29fee22a2f0c8c6d5556825f3a509f901d94eb3a428e12b9b9ca803bb7faaa3b498c08626e33515b234aba2940e3e2eccf152aaaa116df046a851c19700

    Score
    1/10
    • Target

      amc-h5.js

    • Size

      378B

    • MD5

      cc09c18ba74a339b86f2fe87cee5599b

    • SHA1

      96bf5a371ee081cdc431181ffdf654c4d6ddcfb6

    • SHA256

      031ff0f52ef4ea571fc36ce396a0d18b5395b354fcaed3e037e3e3588c68b23b

    • SHA512

      fcc9083fffde7c6111374ec7fb7000fef8a66bdcd03f3300fe8fd512014b862591bb72da49b8d825c8a009937d455f40c66e7ca994d8801282b59e2ef0601d01

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
7/10

behavioral1

Score
1/10

behavioral2

flubot, banker, discovery, evasion, infostealer, ransomware, trojan
Score
10/10

behavioral3

flubot, banker, discovery, evasion, infostealer, ransomware, trojan
Score
10/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10