General
-
Target
aa8a7563fe9255d52e5f4bd1e165c4fa71758acc6d20fd23ec2127137ff93751
-
Size
4.8MB
-
Sample
231220-nj1eqadefq
-
MD5
ff1a568ed2021ff708153e3fff1a8afb
-
SHA1
652ea29ae5cd4e6b91f6b3678928ac726221e7ea
-
SHA256
aa8a7563fe9255d52e5f4bd1e165c4fa71758acc6d20fd23ec2127137ff93751
-
SHA512
ad405cb69b808f934e1613076db5daa5b978fee04fdc3b9eca9c3d238c049260dbb791e47b4f30ccb8e5e72e17215a3a98f68aa2ab0c50985842550e12fecc01
-
SSDEEP
98304:68F3FGdInEZB7KOqdPval+28JDRpXvMJZJEvtIKMtlRM:nJRE2rdnoL8JvXkJjElgC
Malware Config
Targets
-
-
Target
aa8a7563fe9255d52e5f4bd1e165c4fa71758acc6d20fd23ec2127137ff93751
-
Size
4.8MB
-
MD5
ff1a568ed2021ff708153e3fff1a8afb
-
SHA1
652ea29ae5cd4e6b91f6b3678928ac726221e7ea
-
SHA256
aa8a7563fe9255d52e5f4bd1e165c4fa71758acc6d20fd23ec2127137ff93751
-
SHA512
ad405cb69b808f934e1613076db5daa5b978fee04fdc3b9eca9c3d238c049260dbb791e47b4f30ccb8e5e72e17215a3a98f68aa2ab0c50985842550e12fecc01
-
SSDEEP
98304:68F3FGdInEZB7KOqdPval+28JDRpXvMJZJEvtIKMtlRM:nJRE2rdnoL8JvXkJjElgC
Score10/10-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests enabling of the accessibility settings.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-