General
-
Target
231126-1wttxsce51_pw_infected.zip
-
Size
4.7MB
-
Sample
231209-k86fgshcc9
-
MD5
abb6e6aea190889fbf34776e5d896743
-
SHA1
515065e6c4252cb0ebd398213cc88909eed0d584
-
SHA256
50a476286fec135a8a3189dd0384da299e70c3abb6f6c66bb7f4926eb041ef0b
-
SHA512
bd61fb2e46073a1b0d0e374e62915660f6018cead2e4de22df964da266828a5dba7af34e8b883f511e4a3d894c9f6436ca84956776aaa4a8f470a68a5d280387
-
SSDEEP
98304:UCEYLaQ7df+QA13rG+d+IU/nOn61RF2nxoSa9ZvEKy0h:Pnp2QAZZ4r/OnORNSkPh
Static task
static1
Behavioral task
behavioral1
Sample
9b04500fcd4237ddb27a25cf4483bbefe03c6aaf12500c0b7b46ed898f999393.apk
Resource
android-x64-arm64-20231023-en
Malware Config
Targets
-
-
Target
9b04500fcd4237ddb27a25cf4483bbefe03c6aaf12500c0b7b46ed898f999393.bin
-
Size
4.8MB
-
MD5
ca5240489cfb5b97fde09a85e2d90c9b
-
SHA1
26517a68db93bb36ebf31c2fe4b4b8c0f2fc3c84
-
SHA256
9b04500fcd4237ddb27a25cf4483bbefe03c6aaf12500c0b7b46ed898f999393
-
SHA512
df458a089cd18e0cb8e80e8e8eb81d5ad0b9f16c7dddfb968e0a50ac356dffb9149b6957d3b27d4908cc1da366fae98736cb650f5ad8f988f2a63945cf1aeae4
-
SSDEEP
98304:u9srlNqjQuH5a3udaBi/coneFEGOlOKQr3lIrSTjorzM13/wkT:u9srlia3mQgMO47lIrSXU83xT
-
FluBot payload
-
Makes use of the framework's Accessibility service.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests enabling of the accessibility settings.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Removes a system notification.
-
Uses Crypto APIs (Might try to encrypt user data).
-