Overview

overview

10

Static

static

6

cc088e5ca8...6c.apk

android-9-x86

10

cc088e5ca8...6c.apk

android-10-x64

10

cc088e5ca8...6c.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cc088e5ca8277a42cd0cfa14988d8af0f69194c5808a0d8cb33aada333e92f6c

  • Size

    5.4MB

  • Sample

    240902-me9bdsygmb

  • MD5

    c06aa910841cf4c7f020b9a6f30663d3

  • SHA1

    39f8fc6e4ad8f3fbf6d26542dae6ef704be42a0c

  • SHA256

    cc088e5ca8277a42cd0cfa14988d8af0f69194c5808a0d8cb33aada333e92f6c

  • SHA512

    899067119bd7918b5e98779ac6367f17fdc53c1d62aecad164c504b338c974adaf46d7055fc68c69d881144ea263972dd77392d4059b123b697e16c5b0dc76c2

  • SSDEEP

    98304:bg6Bvfymd5SsncjHaX642ziJO+k0Z51iMvmHj1gDOQntmsS8yU2Kac6ur2ftPQ/S:E6Yms+K42sdDZ51NSgi6tvkcsft2S

Score
10/10
flubotandroidbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencestealthtrojan

Malware Config

Targets

    • Target

      cc088e5ca8277a42cd0cfa14988d8af0f69194c5808a0d8cb33aada333e92f6c

    • Size

      5.4MB

    • MD5

      c06aa910841cf4c7f020b9a6f30663d3

    • SHA1

      39f8fc6e4ad8f3fbf6d26542dae6ef704be42a0c

    • SHA256

      cc088e5ca8277a42cd0cfa14988d8af0f69194c5808a0d8cb33aada333e92f6c

    • SHA512

      899067119bd7918b5e98779ac6367f17fdc53c1d62aecad164c504b338c974adaf46d7055fc68c69d881144ea263972dd77392d4059b123b697e16c5b0dc76c2

    • SSDEEP

      98304:bg6Bvfymd5SsncjHaX642ziJO+k0Z51iMvmHj1gDOQntmsS8yU2Kac6ur2ftPQ/S:E6Yms+K42sdDZ51NSgi6tvkcsft2S

    Score
    10/10
    flubotbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencestealthtrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot payload

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about active data network

      discovery

    • Requests accessing notifications (often used to intercept notifications before users become aware).

      collectioncredential_access

    • Requests changing the default SMS application.

      collectionimpact

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Credential Access

Access Notifications

1
T1517

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Access Notifications

1
T1517

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

1
T1636

SMS Messages

1
T1636.004

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Input Injection

1
T1516

SMS Control

1
T1582

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.