Overview

overview

10

Static

static

6

79d5c30d11...7d.apk

android-9-x86

10

79d5c30d11...7d.apk

android-10-x64

10

79d5c30d11...7d.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    79d5c30d1166b7aa876917b8910d2255cf62250f701dbaf5994f12b25f268c7d.bin

  • Size

    3.3MB

  • Sample

    240807-1zrtqsycnc

  • MD5

    c6cddb4153db8ee8a095c5b79b21887a

  • SHA1

    39d648aa7c483b08809a5753f5b44bfbf9d03dda

  • SHA256

    79d5c30d1166b7aa876917b8910d2255cf62250f701dbaf5994f12b25f268c7d

  • SHA512

    d86348875d29a3c1d6c815a6e9d555185b03c0b13afd3a63159438341a05ce356b7c0f0fec4941257a4e271a6c9d4516a1b1ad0461b9777eb50c10bd216a63c4

  • SSDEEP

    98304:qTEk6iXsxRB91ylmk69K3/b0k5GDG/y2O2cUs:qYkyRBSf69S/b0kAYy2Ocs

Score
10/10
flubotandroidbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      79d5c30d1166b7aa876917b8910d2255cf62250f701dbaf5994f12b25f268c7d.bin

    • Size

      3.3MB

    • MD5

      c6cddb4153db8ee8a095c5b79b21887a

    • SHA1

      39d648aa7c483b08809a5753f5b44bfbf9d03dda

    • SHA256

      79d5c30d1166b7aa876917b8910d2255cf62250f701dbaf5994f12b25f268c7d

    • SHA512

      d86348875d29a3c1d6c815a6e9d555185b03c0b13afd3a63159438341a05ce356b7c0f0fec4941257a4e271a6c9d4516a1b1ad0461b9777eb50c10bd216a63c4

    • SSDEEP

      98304:qTEk6iXsxRB91ylmk69K3/b0k5GDG/y2O2cUs:qYkyRBSf69S/b0kAYy2Ocs

    Score
    10/10
    flubotbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot payload

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about active data network

      discovery

    • Requests changing the default SMS application.

      collectionimpact

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks