General

  • Target

    452cc39649bfdfdd81de938f2ce93481.zip

  • Size

    4.5MB

  • Sample

    240831-lsavbaxeqe

  • MD5

    d2397ae8f6d1d361428bcdbf378fe098

  • SHA1

    54eaad154fce3e0eac6e6a02d1f928417844aadb

  • SHA256

    33666b5f83d4fb29d783beef08d710f0a2ed6e896adcad2c40b1ce3e33905e15

  • SHA512

    9e172d369f074cf2a9be9a3f9d546de46b9438833ca70e9506373819bacbb1e1d58a9c8a3c6637ad959678bd5ec5867427a2f2d6ed7a72cd0a36b57aeae3dafd

  • SSDEEP

    98304:kKpugZB05LKQMJGeS35LtwIwd+xBhbydA:kAULKnGe0hQMvJz

Malware Config

Targets

    • Target

      5b62a449bdeff05e4bf7b6e42870ed4ad8d3f9a6cef66267b05295d8937e0b10

    • Size

      4.6MB

    • MD5

      452cc39649bfdfdd81de938f2ce93481

    • SHA1

      b499554198e09fd171bbdd8d1cd3a0711c2a6bbd

    • SHA256

      5b62a449bdeff05e4bf7b6e42870ed4ad8d3f9a6cef66267b05295d8937e0b10

    • SHA512

      1750ae273a2c3b0000a2371e42c9fd3299f667c55d3fa6cf27c0b5154b498a65ed07ae3075dd645f34ca148777e9bea2dd95d936973fce4ca943a4aad999fe1e

    • SSDEEP

      98304:hoNuiDQ9wfSVdDp6gDkTjhJfB5oxlAuEk0Olk0msIQpfYgQ+Q67D2w:hKr4pVZp6PjbfskXX+fPQd67/

    • FluBot

      FluBot is an android banking trojan that uses overlays.

    • FluBot payload

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks