General

  • Target

    c23426edaf37a2fc6fc3a6e5daa17bfa_JaffaCakes118

  • Size

    3.8MB

  • Sample

    241204-mwl77aykfn

  • MD5

    c23426edaf37a2fc6fc3a6e5daa17bfa

  • SHA1

    a362e1aaf8bc7a7491b10eab252c3b7ee8532a46

  • SHA256

    a0181864eed9294cac0d278fa0eadabe68b3adb333eeb2e26cc082836f82489d

  • SHA512

    98b78e62a63d87ddc55722658e85acb5f9ba4b792578ca8868e8214e04f4336e9728bec2c386b6afbac4f2183f8232d6e958b215c5c0948746f4254d32ffa2ff

  • SSDEEP

    98304:e5bwkHNRfCwdA0cduVE7AxeQrUsVinobTdp6n:eFo0cdu+AxeMxTdwn

Malware Config

Targets

    • Target

      c23426edaf37a2fc6fc3a6e5daa17bfa_JaffaCakes118

    • Size

      3.8MB

    • MD5

      c23426edaf37a2fc6fc3a6e5daa17bfa

    • SHA1

      a362e1aaf8bc7a7491b10eab252c3b7ee8532a46

    • SHA256

      a0181864eed9294cac0d278fa0eadabe68b3adb333eeb2e26cc082836f82489d

    • SHA512

      98b78e62a63d87ddc55722658e85acb5f9ba4b792578ca8868e8214e04f4336e9728bec2c386b6afbac4f2183f8232d6e958b215c5c0948746f4254d32ffa2ff

    • SSDEEP

      98304:e5bwkHNRfCwdA0cduVE7AxeQrUsVinobTdp6n:eFo0cdu+AxeMxTdwn

    • FluBot

      FluBot is an android banking trojan that uses overlays.

    • FluBot payload

    • Flubot family

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks