Overview

overview

10

Static

static

6

60fe45472b...b5.apk

android-9-x86

10

60fe45472b...b5.apk

android-10-x64

10

60fe45472b...b5.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    60fe45472b87bb261930e74422c7a9b5.apk

  • Size

    4.2MB

  • Sample

    240902-jsdj4awhje

  • MD5

    60fe45472b87bb261930e74422c7a9b5

  • SHA1

    742334d1697c73d5c7a6621a5f278c397afdfe14

  • SHA256

    5c9057d6d19f82fbba255d58e9b0da7102fed08ee25e548e08f0a5b22efc42a2

  • SHA512

    5acbdf22b276db4a9848c8153b008026df6cff40f26097967696e2c1ca3c5e12a723ca34ec8b055f10da2e549fb74db2947d85e294527f8a7a65331475cf73ea

  • SSDEEP

    98304:5mhzX3DSNLLs4iqrwDn0pFartCVTbBRrQDjhCIwhErEwS1H:sFX3+pCY5PaR2yjUIHrzS1H

Score
10/10
flubotandroidbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      60fe45472b87bb261930e74422c7a9b5.apk

    • Size

      4.2MB

    • MD5

      60fe45472b87bb261930e74422c7a9b5

    • SHA1

      742334d1697c73d5c7a6621a5f278c397afdfe14

    • SHA256

      5c9057d6d19f82fbba255d58e9b0da7102fed08ee25e548e08f0a5b22efc42a2

    • SHA512

      5acbdf22b276db4a9848c8153b008026df6cff40f26097967696e2c1ca3c5e12a723ca34ec8b055f10da2e549fb74db2947d85e294527f8a7a65331475cf73ea

    • SSDEEP

      98304:5mhzX3DSNLLs4iqrwDn0pFartCVTbBRrQDjhCIwhErEwS1H:sFX3+pCY5PaR2yjUIHrzS1H

    Score
    10/10
    flubotbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about active data network

      discovery

    • Requests accessing notifications (often used to intercept notifications before users become aware).

      collectioncredential_access

    • Requests changing the default SMS application.

      collectionimpact

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks