General

  • Target

    e4d506940fad3af243ac3eb04e16f6a9_JaffaCakes118

  • Size

    3.0MB

  • Sample

    240407-npgvkacb75

  • MD5

    e4d506940fad3af243ac3eb04e16f6a9

  • SHA1

    0c6ba3fac39eab343539e2355bb0b533665b7ea6

  • SHA256

    7a1f67937c3df8b1b65b7e5ca2ac609a7f405123df91b948535ad866e9ff884d

  • SHA512

    19ecfa32e9e21cd65bc9579a8ef449f2b9fa883a22884ecc561586f9dd327aebe485a178128af2ed34270d51fffb5e754618ee22e0cd6e931bf09818060a2bec

  • SSDEEP

    49152:0gdipryDHH0D6gmPOroTV8asMbUCWhSENwOU1iNcJ3W7HxTQqUonXJ3cwk:0brWn0DAOroTV87wHDOC09RzUsFk

Targets

    • Target

      e4d506940fad3af243ac3eb04e16f6a9_JaffaCakes118

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot payload

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Loads and runs a DEX or JAR file that was dropped onto the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests that the user enable the accessibility settings.

    • Requests exemption from battery optimizations (often used to keep running unnoticed in the background).
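Added example, not the sandbox's own detection logic and not code from the sample: a static triage helper that checks a decoded APK for the manifest and code indicators behind the signatures listed above (accessibility service, foreground service, battery-optimization exemption, dynamic DEX loading) and confirms a local file against the report's hashes. The manifest, smali lines and package name are constructed stand-ins; the framework identifiers they contain are real Android constants.

```python
"""Static triage of a decoded Android app for the indicators behind the
signatures in this report. Added example, not Triage's detection logic.
Inputs below are constructed stand-ins (a minimal apktool-style
AndroidManifest.xml and a few smali lines), not content of the sample."""
import hashlib
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest: what the report's signatures look like statically.
# The package name and class names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.hypothetical">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="app">
    <service android:name=".A11yService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".KeepAliveService" android:foregroundServiceType="dataSync"/>
  </application>
</manifest>
"""

# Constructed smali fragments showing the runtime behaviours the sandbox saw.
SAMPLE_SMALI = """
const-string v0, "android.settings.ACCESSIBILITY_SETTINGS"
invoke-direct {v1, v0}, Landroid/content/Intent;-><init>(Ljava/lang/String;)V
const-string v0, "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
new-instance v2, Ldalvik/system/DexClassLoader;
"""

# Code-level strings that correspond to each sandbox signature.
CODE_INDICATORS = {
    "requests_accessibility_settings": ["android.settings.ACCESSIBILITY_SETTINGS"],
    "requests_ignore_battery_optimizations": [
        "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"],
    "dynamic_dex_loading": ["Ldalvik/system/DexClassLoader;",
                            "Ldalvik/system/InMemoryDexClassLoader;"],
}


def _attr(el, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return el.get("{%s}%s" % (ANDROID_NS, name))


def triage_manifest(xml_text):
    """Map manifest declarations to the report's signatures."""
    root = ET.fromstring(xml_text)
    perms = {_attr(p, "name") for p in root.iter("uses-permission")}
    # A service is an accessibility service if it is bound with the
    # BIND_ACCESSIBILITY_SERVICE permission or filters the framework action.
    a11y = [
        _attr(s, "name") for s in root.iter("service")
        if _attr(s, "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
        or any(_attr(a, "name") == "android.accessibilityservice.AccessibilityService"
               for a in s.iter("action"))
    ]
    return {
        "package": root.get("package"),
        "accessibility_services": a11y,
        "foreground_service_permission":
            "android.permission.FOREGROUND_SERVICE" in perms,
        "ignore_battery_optimizations_permission":
            "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS" in perms,
    }


def triage_code(smali_text):
    """Return which code-level indicators appear in decoded smali or strings."""
    return {name: [s for s in needles if s in smali_text]
            for name, needles in CODE_INDICATORS.items()}


def digests(data):
    """Digests in the report's own set, for confirming you hold the same file."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


# Values copied from the report above.
REPORT_HASHES = {
    "md5": "e4d506940fad3af243ac3eb04e16f6a9",
    "sha1": "0c6ba3fac39eab343539e2355bb0b533665b7ea6",
    "sha256": "7a1f67937c3df8b1b65b7e5ca2ac609a7f405123df91b948535ad866e9ff884d",
}


def matches_report(data, expected=REPORT_HASHES):
    """True only if every listed digest of `data` equals the expected value."""
    got = digests(data)
    return all(got[k] == v for k, v in expected.items())


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
    print(triage_code(SAMPLE_SMALI))
    print(matches_report(b""))  # the empty buffer is not the sample
```

Run it against `apktool d sample.apk` output by reading `AndroidManifest.xml` and concatenating the `smali*/` tree into one string; a hit on `accessibility_services` plus `REQUEST_IGNORE_BATTERY_OPTIMIZATIONS` and a DEX loader reference is the static shape of the behaviour the sandbox recorded dynamically.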
