dogerat | 7a1f67937c3df8b1b65b7e5ca2ac609a7f405123df91b948535ad866e9ff884d | Triage

Submit
Reports

Overview

overview

Static

static

e4d506940f...18.apk

android-9-x86

e4d506940f...18.apk

android-10-x64

e4d506940f...18.apk

android-11-x64

Sharing

General

Target

e4d506940fad3af243ac3eb04e16f6a9_JaffaCakes118
Size

3.0MB
Sample

240407-npgvkacb75
MD5

e4d506940fad3af243ac3eb04e16f6a9
SHA1

0c6ba3fac39eab343539e2355bb0b533665b7ea6
SHA256

7a1f67937c3df8b1b65b7e5ca2ac609a7f405123df91b948535ad866e9ff884d
SHA512

19ecfa32e9e21cd65bc9579a8ef449f2b9fa883a22884ecc561586f9dd327aebe485a178128af2ed34270d51fffb5e754618ee22e0cd6e931bf09818060a2bec
SSDEEP

49152:0gdipryDHH0D6gmPOroTV8asMbUCWhSENwOU1iNcJ3W7HxTQqUonXJ3cwk:0brWn0DAOroTV87wHDOC09RzUsFk

Score

10^/10

dogerat flubot android banker collection discovery evasion infostealer persistence trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

e4d506940fad3af243ac3eb04e16f6a9_JaffaCakes118.apk

Resource

android-x86-arm-20240221-en

flubot banker collection discovery evasion infostealer persistence trojan

android-9-x86

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

e4d506940fad3af243ac3eb04e16f6a9_JaffaCakes118.apk

Resource

android-x64-20240221-en

android-10-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

e4d506940fad3af243ac3eb04e16f6a9_JaffaCakes118.apk

Resource

android-x64-arm64-20240221-en

android-11-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  e4d506940fad3af243ac3eb04e16f6a9_JaffaCakes118
- Size
  
  3.0MB
- MD5
  
  e4d506940fad3af243ac3eb04e16f6a9
- SHA1
  
  0c6ba3fac39eab343539e2355bb0b533665b7ea6
- SHA256
  
  7a1f67937c3df8b1b65b7e5ca2ac609a7f405123df91b948535ad866e9ff884d
- SHA512
  
  19ecfa32e9e21cd65bc9579a8ef449f2b9fa883a22884ecc561586f9dd327aebe485a178128af2ed34270d51fffb5e754618ee22e0cd6e931bf09818060a2bec
- SSDEEP
  
  49152:0gdipryDHH0D6gmPOroTV8asMbUCWhSENwOU1iNcJ3W7HxTQqUonXJ3cwk:0brWn0DAOroTV87wHDOC09RzUsFk
Score

10^/10

flubot banker collection discovery evasion infostealer persistence trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

flubotbankercollectiondiscoveryevasioninfostealerpersistencetrojan

behavioral2

behavioral3

© 2018-2024

Terms | Privacy