Overview

overview

10

Static

static

6

891d5d2c39...18.apk

android-9-x86

10

891d5d2c39...18.apk

android-10-x64

10

891d5d2c39...18.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    891d5d2c397e9ad5fed5685f78657d4b_JaffaCakes118

  • Size

    4.6MB

  • Sample

    240402-lm1tjsda2x

  • MD5

    891d5d2c397e9ad5fed5685f78657d4b

  • SHA1

    f2f3f6344e054a03cd83e2e2f00af2af3d59f1c5

  • SHA256

    ea6776fac45c8844242fdb566a17e70569813298235567bbe9fa0dd062f1160b

  • SHA512

    369875e4359b91936f015d347be0f765ffdfddb92c82d887d3cbe07c38dacc0029b25f38682f270700feaa62d728ccf42ccd95362785f7c2119ae43e74d2ac49

  • SSDEEP

    98304:UHIuiDQ9wfSVdDp6gDkTjhJfB5oxlAuEk0Olk0mYjFpfYgQ+Q67D2t:Uor4pVZp6PjbfskXX+3PQd67O

Score
10/10
flubotandroidbankercollectiondiscoveryevasioninfostealerpersistencetrojan

Malware Config

Targets

    • Target

      891d5d2c397e9ad5fed5685f78657d4b_JaffaCakes118

    • Size

      4.6MB

    • MD5

      891d5d2c397e9ad5fed5685f78657d4b

    • SHA1

      f2f3f6344e054a03cd83e2e2f00af2af3d59f1c5

    • SHA256

      ea6776fac45c8844242fdb566a17e70569813298235567bbe9fa0dd062f1160b

    • SHA512

      369875e4359b91936f015d347be0f765ffdfddb92c82d887d3cbe07c38dacc0029b25f38682f270700feaa62d728ccf42ccd95362785f7c2119ae43e74d2ac49

    • SSDEEP

      98304:UHIuiDQ9wfSVdDp6gDkTjhJfB5oxlAuEk0Olk0mYjFpfYgQ+Q67D2t:Uor4pVZp6PjbfskXX+3PQd67O

    Score
    10/10
    flubotbankercollectiondiscoveryevasioninfostealerpersistencetrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot payload

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence
    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks