General
-
Target
6efccf47f84e801a2208770407d10e75bf2d20ed23e3b3f96387290c27b20f84
-
Size
4.7MB
-
Sample
231219-3vj97scfc7
-
MD5
55e064722e928547d80fee36e8307f48
-
SHA1
a2ebab5b4a63f871d48bc10410c64a0f6e4acd88
-
SHA256
6efccf47f84e801a2208770407d10e75bf2d20ed23e3b3f96387290c27b20f84
-
SHA512
5543ee9ccfa96fe70f6b7f9370fe28df90a3a203785cc743cc72bc7825119e9c5af0aa3f204ac381f83d5c0ce1da6b035e4ce14a57ad2d6082ef727c6ad01973
-
SSDEEP
98304:DRFKMjBlKLIa+PWtp+0k2TY2hTUYxSH/2yv5aiUr4Dm9LwkbZh:jjLJPeA72T9+0G/2yc34Dme4h
Malware Config
Targets
-
-
Target
6efccf47f84e801a2208770407d10e75bf2d20ed23e3b3f96387290c27b20f84
-
Size
4.7MB
-
MD5
55e064722e928547d80fee36e8307f48
-
SHA1
a2ebab5b4a63f871d48bc10410c64a0f6e4acd88
-
SHA256
6efccf47f84e801a2208770407d10e75bf2d20ed23e3b3f96387290c27b20f84
-
SHA512
5543ee9ccfa96fe70f6b7f9370fe28df90a3a203785cc743cc72bc7825119e9c5af0aa3f204ac381f83d5c0ce1da6b035e4ce14a57ad2d6082ef727c6ad01973
-
SSDEEP
98304:DRFKMjBlKLIa+PWtp+0k2TY2hTUYxSH/2yv5aiUr4Dm9LwkbZh:jjLJPeA72T9+0G/2yc34Dme4h
Score10/10-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests enabling of the accessibility settings.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-