Overview

overview

10

Static

static

6

1a2564deee...8a.apk

android-9-x86

10

1a2564deee...8a.apk

android-10-x64

10

1a2564deee...8a.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1a2564deee63efcde8a9c68c615762e39bfda3b4ed7b56913a14f8f8c959c78a.bin

  • Size

    3.4MB

  • Sample

    240805-1xd5vstdnb

  • MD5

    d798d1e85f367e0c3bacebb8ed7b42c8

  • SHA1

    c3e9a0cd393480fe05cb66dfe0929b479e0d2fb3

  • SHA256

    1a2564deee63efcde8a9c68c615762e39bfda3b4ed7b56913a14f8f8c959c78a

  • SHA512

    919e48f8114991a93708c1967d2429018804b052b488a3d6363d2ca69035d937f51b8ae84efc29197eefd11641660e39f7bbe9a219a223cc842b6cdf5e072304

  • SSDEEP

    98304:z/8S9xHTQa7uY+EaTLhRvObeeLz+YQpwgY7dNjWYEz6/L:YS9xzt+x4TzypwP73U6/L

Score
10/10
flubotandroidbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      1a2564deee63efcde8a9c68c615762e39bfda3b4ed7b56913a14f8f8c959c78a.bin

    • Size

      3.4MB

    • MD5

      d798d1e85f367e0c3bacebb8ed7b42c8

    • SHA1

      c3e9a0cd393480fe05cb66dfe0929b479e0d2fb3

    • SHA256

      1a2564deee63efcde8a9c68c615762e39bfda3b4ed7b56913a14f8f8c959c78a

    • SHA512

      919e48f8114991a93708c1967d2429018804b052b488a3d6363d2ca69035d937f51b8ae84efc29197eefd11641660e39f7bbe9a219a223cc842b6cdf5e072304

    • SSDEEP

      98304:z/8S9xHTQa7uY+EaTLhRvObeeLz+YQpwgY7dNjWYEz6/L:YS9xzt+x4TzypwP73U6/L

    Score
    10/10
    flubotbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about active data network

      discovery

    • Requests changing the default SMS application.

      collectionimpact

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks