General

  • Target

    496fc7c217a81516c139b47c8ac97e83f8f1ae149a34ef3f84b4b388a9684825.bin

  • Size

    4.5MB

  • Sample

    240903-1x4erayblq

  • MD5

    873ea658869419d57eed1111ff20585c

  • SHA1

    a9d8d5f05be687db300a2e864a63c98e2bfcd06a

  • SHA256

    496fc7c217a81516c139b47c8ac97e83f8f1ae149a34ef3f84b4b388a9684825

  • SHA512

    2e2535385a1de262a62fd13183a7d47402816fc45ddfd733b566a3e0a5937a90c13868cc405f24d720d2a0d830dee7e375e425c31635f0a0f4d732f0e79bf8af

  • SSDEEP

    98304:1Ye8VKr2TJrvV8K7PxnPYPOfdfltw4XSnzw09xnmVOMRRp/0X:19r4JrvV8KlnPYPOfdfrwPvnmkq/0X

Malware Config

Targets

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot payload

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its removal.

    • Queries information about active data network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15
