Overview

overview

10

Static

static

6

957900b7bc...a4.apk

android-9-x86

10

957900b7bc...a4.apk

android-10-x64

10

957900b7bc...a4.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    957900b7bc1a116f32ba731adc076e44c4be62612071c430b67d478628dcdca4.bin

  • Size

    3.2MB

  • Sample

    240807-1zn3vaycna

  • MD5

    ae96f02aa025919dc4d1ef3d72249484

  • SHA1

    dbda147735afcfd333b47919aeca481d998a3a50

  • SHA256

    957900b7bc1a116f32ba731adc076e44c4be62612071c430b67d478628dcdca4

  • SHA512

    e889abd13855da39f6a90e3834034fec6d1575bef36510ee3bebae5698f56bd845a782e6087d5d53ea4bfc3b5821579b071e4409079e85b62a2013af1e92cdfd

  • SSDEEP

    98304:yElBNzfMAf9mdOtZ34tVpvbPIAR9XAU5LfE9c:p/wOYtVlbPIAnAQMW

Score
10/10
flubotandroidbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      957900b7bc1a116f32ba731adc076e44c4be62612071c430b67d478628dcdca4.bin

    • Size

      3.2MB

    • MD5

      ae96f02aa025919dc4d1ef3d72249484

    • SHA1

      dbda147735afcfd333b47919aeca481d998a3a50

    • SHA256

      957900b7bc1a116f32ba731adc076e44c4be62612071c430b67d478628dcdca4

    • SHA512

      e889abd13855da39f6a90e3834034fec6d1575bef36510ee3bebae5698f56bd845a782e6087d5d53ea4bfc3b5821579b071e4409079e85b62a2013af1e92cdfd

    • SSDEEP

      98304:yElBNzfMAf9mdOtZ34tVpvbPIAR9XAU5LfE9c:p/wOYtVlbPIAnAQMW

    Score
    10/10
    flubotbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about active data network

      discovery

    • Requests changing the default SMS application.

      collectionimpact

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks