General
-
Target
cc088e5ca8277a42cd0cfa14988d8af0f69194c5808a0d8cb33aada333e92f6c
-
Size
5.4MB
-
Sample
240902-jk595svhnq
-
MD5
c06aa910841cf4c7f020b9a6f30663d3
-
SHA1
39f8fc6e4ad8f3fbf6d26542dae6ef704be42a0c
-
SHA256
cc088e5ca8277a42cd0cfa14988d8af0f69194c5808a0d8cb33aada333e92f6c
-
SHA512
899067119bd7918b5e98779ac6367f17fdc53c1d62aecad164c504b338c974adaf46d7055fc68c69d881144ea263972dd77392d4059b123b697e16c5b0dc76c2
-
SSDEEP
98304:bg6Bvfymd5SsncjHaX642ziJO+k0Z51iMvmHj1gDOQntmsS8yU2Kac6ur2ftPQ/S:E6Yms+K42sdDZ51NSgi6tvkcsft2S
Static task
static1
Behavioral task
behavioral1
Sample
cc088e5ca8277a42cd0cfa14988d8af0f69194c5808a0d8cb33aada333e92f6c.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
cc088e5ca8277a42cd0cfa14988d8af0f69194c5808a0d8cb33aada333e92f6c.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
cc088e5ca8277a42cd0cfa14988d8af0f69194c5808a0d8cb33aada333e92f6c.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Targets
-
-
Target
cc088e5ca8277a42cd0cfa14988d8af0f69194c5808a0d8cb33aada333e92f6c
-
Size
5.4MB
-
MD5
c06aa910841cf4c7f020b9a6f30663d3
-
SHA1
39f8fc6e4ad8f3fbf6d26542dae6ef704be42a0c
-
SHA256
cc088e5ca8277a42cd0cfa14988d8af0f69194c5808a0d8cb33aada333e92f6c
-
SHA512
899067119bd7918b5e98779ac6367f17fdc53c1d62aecad164c504b338c974adaf46d7055fc68c69d881144ea263972dd77392d4059b123b697e16c5b0dc76c2
-
SSDEEP
98304:bg6Bvfymd5SsncjHaX642ziJO+k0Z51iMvmHj1gDOQntmsS8yU2Kac6ur2ftPQ/S:E6Yms+K42sdDZ51NSgi6tvkcsft2S
-
FluBot payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Requests accessing notifications (often used to intercept notifications before users become aware).
-
Requests changing the default SMS application.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Requests enabling of the accessibility settings.
-
MITRE ATT&CK Enterprise v15
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Credential Access
Access Notifications
1Input Capture
2GUI Input Capture
1Keylogging
1