Overview

overview

10

Static

static

6

aa8a7563fe...51.apk

 

aa8a7563fe...51.apk

android-10-x64

10

aa8a7563fe...51.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aa8a7563fe9255d52e5f4bd1e165c4fa71758acc6d20fd23ec2127137ff93751

  • Size

    4.8MB

  • Sample

    231220-nj1eqadefq

  • MD5

    ff1a568ed2021ff708153e3fff1a8afb

  • SHA1

    652ea29ae5cd4e6b91f6b3678928ac726221e7ea

  • SHA256

    aa8a7563fe9255d52e5f4bd1e165c4fa71758acc6d20fd23ec2127137ff93751

  • SHA512

    ad405cb69b808f934e1613076db5daa5b978fee04fdc3b9eca9c3d238c049260dbb791e47b4f30ccb8e5e72e17215a3a98f68aa2ab0c50985842550e12fecc01

  • SSDEEP

    98304:68F3FGdInEZB7KOqdPval+28JDRpXvMJZJEvtIKMtlRM:nJRE2rdnoL8JvXkJjElgC

Score
10/10
flubotandroidbankerevasioninfostealerstealthtrojan

Malware Config

Targets

    • Target

      aa8a7563fe9255d52e5f4bd1e165c4fa71758acc6d20fd23ec2127137ff93751

    • Size

      4.8MB

    • MD5

      ff1a568ed2021ff708153e3fff1a8afb

    • SHA1

      652ea29ae5cd4e6b91f6b3678928ac726221e7ea

    • SHA256

      aa8a7563fe9255d52e5f4bd1e165c4fa71758acc6d20fd23ec2127137ff93751

    • SHA512

      ad405cb69b808f934e1613076db5daa5b978fee04fdc3b9eca9c3d238c049260dbb791e47b4f30ccb8e5e72e17215a3a98f68aa2ab0c50985842550e12fecc01

    • SSDEEP

      98304:68F3FGdInEZB7KOqdPval+28JDRpXvMJZJEvtIKMtlRM:nJRE2rdnoL8JvXkJjElgC

    Score
    10/10
    flubotbankerinfostealerstealthtrojanevasion

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Removes its main activity from the application launcher

      stealthtrojan

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks