General

  • Target

    ae0dba06e40508129b67de6bf8ee08b680afa60651ab07c57f713bdd7deaa34f.bin

  • Size

    3.3MB

  • Sample

    240807-1zh7laycmh

  • MD5

    de509d8f632f880bd7dfa09fba05a6df

  • SHA1

    c50706c1168be3af8048e6eb91061e4fcf922e1a

  • SHA256

    ae0dba06e40508129b67de6bf8ee08b680afa60651ab07c57f713bdd7deaa34f

  • SHA512

    5da9bab0cc83db4a904b1bbd9f3d7766337a4c1a91eb60297b2b44631b5460ec8cf86e6daecf6366e11b87aab55acc4b195e3a148b956982c109e29bbd75936b

  • SSDEEP

    98304:MTEk6iXsxRB91/bloHIfnZzyo5IDG/y2O2cU9:MYkyRBfSHIfZzyoWYy2Oc9

Targets

    • FluBot

      FluBot is an Android banking trojan that draws overlays (fake login screens) over legitimate banking and wallet apps to harvest credentials, and spreads through SMS phishing messages sent from infected devices.

    • FluBot payload

    • Loads dropped Dex/Jar

      Loads a Dex/Jar file that was written to the device during analysis (dynamic code loading, typically the unpacked payload stage that static analysis of the APK alone does not see).

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Creates a large amount of network flows

      A large number of distinct flows can indicate a scan for remotely running services; for a banking trojan it is more often repeated command-and-control lookups, since FluBot locates its C2 servers through a domain generation algorithm.

    • Makes use of the framework's foreground persistence service

      The application may abuse a foreground service (with a persistent notification) to keep running and avoid being killed by the system's background restrictions.

    • Performs UI accessibility actions on behalf of the user

      The application may abuse the accessibility service to click through dialogs on the user's behalf, including cancelling uninstall and settings dialogs to prevent its own removal.

    • Queries information about the active data network.

    • Requests to become the default SMS application (this gives it access to incoming SMS, including one-time codes, and lets it send the smishing messages FluBot spreads with).

    • Requests disabling of battery optimizations (often used to keep running unnoticed in the background).

    • Requests enabling of the accessibility settings.
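Several of the signatures above (accessibility service, foreground service, default-SMS-app request, battery-optimization bypass, data-network queries) leave traces in the APK's manifest, so they can be checked statically before a sample is ever run. The script below is an added example, not code from the sandbox or from FluBot: it parses a decoded AndroidManifest.xml and reports which of those behaviours the manifest makes possible. The embedded manifest is constructed for illustration and is not the manifest of the sample on this page; the assumed workflow is to decode a real APK with `apktool d sample.apk` and point the script at the resulting `AndroidManifest.xml`.

```python
"""Static triage of a decoded AndroidManifest.xml against the sandbox signatures above.

Added example, not the sandbox's or the malware's code. The manifest embedded
below is CONSTRUCTED for illustration and is not taken from the analysed sample.
"""
import sys
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android:* attributes

# <uses-permission> names mapped to the behaviours the report flags.
PERMISSION_FLAGS = {
    "android.permission.FOREGROUND_SERVICE": "foreground service persistence",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "requests disabling battery optimizations",
    "android.permission.ACCESS_NETWORK_STATE": "queries active data network",
    "android.permission.RECEIVE_SMS": "intercepts incoming SMS",
    "android.permission.SEND_SMS": "sends SMS (smishing propagation)",
    "android.permission.READ_CONTACTS": "reads contacts (smishing targets)",
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
# Android only offers an app as a default-SMS-app candidate if it declares all four of these components.
SMS_DELIVER = "android.provider.Telephony.SMS_DELIVER"
WAP_PUSH_DELIVER = "android.provider.Telephony.WAP_PUSH_DELIVER"
RESPOND_VIA_MESSAGE = "android.intent.action.RESPOND_VIA_MESSAGE"
SENDTO = "android.intent.action.SENDTO"
SMS_SCHEMES = {"sms", "smsto", "mms", "mmsto"}


def _filters(component):
    """Yield (actions, data schemes) for every <intent-filter> of a component."""
    for f in component.findall("intent-filter"):
        actions = {a.get(A + "name") for a in f.findall("action")}
        schemes = {d.get(A + "scheme") for d in f.findall("data")}
        yield actions, schemes


def triage_manifest(xml_text):
    """Return a sorted list of human-readable findings for a decoded manifest."""
    root = ET.fromstring(xml_text)
    findings = set()

    declared = {p.get(A + "name") for p in root.findall("uses-permission")}
    for perm, why in PERMISSION_FLAGS.items():
        if perm in declared:
            findings.add(f"{why} ({perm})")

    app = root.find("application")
    if app is None:
        return sorted(findings)

    sms_rx = wap_rx = sendto_sms = respond = False
    for svc in app.findall("service"):
        binds_a11y = svc.get(A + "permission") == ACCESSIBILITY_BIND
        for actions, _ in _filters(svc):
            if binds_a11y and ACCESSIBILITY_ACTION in actions:
                findings.add("declares an AccessibilityService (reads screen content, performs UI actions)")
            if RESPOND_VIA_MESSAGE in actions:
                respond = True
    for rcv in app.findall("receiver"):
        for actions, _ in _filters(rcv):
            sms_rx |= SMS_DELIVER in actions
            wap_rx |= WAP_PUSH_DELIVER in actions
    for act in app.findall("activity"):
        for actions, schemes in _filters(act):
            if SENDTO in actions and schemes & SMS_SCHEMES:
                sendto_sms = True
    if sms_rx and wap_rx and sendto_sms and respond:
        findings.add("eligible to become the default SMS app (SMS_DELIVER, WAP_PUSH_DELIVER, SENDTO sms, RESPOND_VIA_MESSAGE)")
    return sorted(findings)


# Constructed manifest (NOT from the analysed sample) exercising every check above.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <service android:name=".A11y" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
    <receiver android:name=".SmsRx" android:permission="android.permission.BROADCAST_SMS">
      <intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/></intent-filter>
    </receiver>
    <receiver android:name=".MmsRx" android:permission="android.permission.BROADCAST_WAP_PUSH">
      <intent-filter><action android:name="android.provider.Telephony.WAP_PUSH_DELIVER"/>
        <data android:mimeType="application/vnd.wap.mms-message"/></intent-filter>
    </receiver>
    <activity android:name=".Compose">
      <intent-filter><action android:name="android.intent.action.SENDTO"/>
        <data android:scheme="sms"/><data android:scheme="smsto"/></intent-filter>
    </activity>
    <service android:name=".Respond" android:permission="android.permission.SEND_RESPOND_VIA_MESSAGE">
      <intent-filter><action android:name="android.intent.action.RESPOND_VIA_MESSAGE"/></intent-filter>
    </service>
  </application>
</manifest>"""

if __name__ == "__main__":
    # Usage: python triage.py path/to/AndroidManifest.xml  (defaults to the constructed sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    for line in triage_manifest(text):
        print("-", line)
```

Hits from this script are indicators, not a verdict: a legitimate messaging app legitimately declares the default-SMS components, and accessibility services have real uses. What makes the combination suspicious is the same thing the sandbox flags above: a single app asking for screen reading, UI automation, SMS takeover and background persistence at once. Note also that the dropped Dex/Jar signature cannot be caught this way, since dynamically loaded code never appears in the manifest.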
