Overview

overview

10

Static

static

6

452cc39649...18.apk

android-9-x86

10

452cc39649...18.apk

android-10-x64

10

452cc39649...18.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    452cc39649bfdfdd81de938f2ce93481_JaffaCakes118

  • Size

    4.6MB

  • Sample

    240330-1rdxxaga83

  • MD5

    452cc39649bfdfdd81de938f2ce93481

  • SHA1

    b499554198e09fd171bbdd8d1cd3a0711c2a6bbd

  • SHA256

    5b62a449bdeff05e4bf7b6e42870ed4ad8d3f9a6cef66267b05295d8937e0b10

  • SHA512

    1750ae273a2c3b0000a2371e42c9fd3299f667c55d3fa6cf27c0b5154b498a65ed07ae3075dd645f34ca148777e9bea2dd95d936973fce4ca943a4aad999fe1e

  • SSDEEP

    98304:hoNuiDQ9wfSVdDp6gDkTjhJfB5oxlAuEk0Olk0msIQpfYgQ+Q67D2w:hKr4pVZp6PjbfskXX+fPQd67/

Score
10/10
flubotandroidbankercollectiondiscoveryevasioninfostealerpersistencetrojan

Malware Config

Targets

    • Target

      452cc39649bfdfdd81de938f2ce93481_JaffaCakes118

    • Size

      4.6MB

    • MD5

      452cc39649bfdfdd81de938f2ce93481

    • SHA1

      b499554198e09fd171bbdd8d1cd3a0711c2a6bbd

    • SHA256

      5b62a449bdeff05e4bf7b6e42870ed4ad8d3f9a6cef66267b05295d8937e0b10

    • SHA512

      1750ae273a2c3b0000a2371e42c9fd3299f667c55d3fa6cf27c0b5154b498a65ed07ae3075dd645f34ca148777e9bea2dd95d936973fce4ca943a4aad999fe1e

    • SSDEEP

      98304:hoNuiDQ9wfSVdDp6gDkTjhJfB5oxlAuEk0Olk0msIQpfYgQ+Q67D2w:hKr4pVZp6PjbfskXX+fPQd67/

    Score
    10/10
    flubotbankercollectiondiscoveryevasioninfostealerpersistencetrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot payload

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence
    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks