General

  • Target

    68e7085eebe634fb54baaf20cd8d5cda

  • Size

    2.6MB

  • Sample

    231222-fhhvaaehgk

  • MD5

    68e7085eebe634fb54baaf20cd8d5cda

  • SHA1

    8a45da188ceb595d7564a904b0018e42e6cb6eda

  • SHA256

    c8912a4ea44e34d8abbd7a40e303d1c236e1b0ee8c37ad90c96c91f006da8eff

  • SHA512

    edd5f6acf650086cb3390cd2d9886544966cf92007387bf86f7c1c1019769e71093955e40b433e15c780ab50b047589b9d2e641e03bc059608ce0594b87217a2

  • SSDEEP

    49152:nt6drmFXYEjfe1JVBm8V/nHMt9Nw2xO0Lav9QMmqW8bvtDkP31V:nirKZbSJVBdV/HYI2MP1QzsLtOV

Targets

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.
