General

  • Target

    53721f5f5eb05250b7d7e599983dc34d2ea2061e8032d4be8fcf9693452757a3

  • Size

    3.3MB

  • Sample

    240313-zlmgesgd7y

  • MD5

    b670a3277e69ff3f6aa23c0116675cd9

  • SHA1

    f7a6aab778d3a3a348cbb329ef32ed3c492c1ea8

  • SHA256

    53721f5f5eb05250b7d7e599983dc34d2ea2061e8032d4be8fcf9693452757a3

  • SHA512

    72062267c183060db58f21af96a6d8350cac37b34e85d523576b3a6000d14e515547c57916452b11d4a6370a3e0e4377a80a556956944c9f909e2ba427f2d80b

  • SSDEEP

    98304:B0zGt3ZuI7y690JAD/oD4/mQs6/LTdCHZs:B+GfuI7y2oDrq

Malware Config

Targets

    • Target

      53721f5f5eb05250b7d7e599983dc34d2ea2061e8032d4be8fcf9693452757a3

    • Size

      3.3MB

    • MD5

      b670a3277e69ff3f6aa23c0116675cd9

    • SHA1

      f7a6aab778d3a3a348cbb329ef32ed3c492c1ea8

    • SHA256

      53721f5f5eb05250b7d7e599983dc34d2ea2061e8032d4be8fcf9693452757a3

    • SHA512

      72062267c183060db58f21af96a6d8350cac37b34e85d523576b3a6000d14e515547c57916452b11d4a6370a3e0e4377a80a556956944c9f909e2ba427f2d80b

    • SSDEEP

      98304:B0zGt3ZuI7y690JAD/oD4/mQs6/LTdCHZs:B+GfuI7y2oDrq

    • FluBot

      FluBot is an android banking trojan that uses overlays.

    • FluBot payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks