Overview

overview

10

Static

static

6

831334e1e4...6b.apk

android-13-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    831334e1e49ec7a25375562688543ee75b2b3cc7352afc019856342def52476b.apk

  • Size

    4.8MB

  • Sample

    250108-gwvxfazlfn

  • MD5

    c10d38a63e776e5940d281bddbb497d4

  • SHA1

    ac0561ee9acc38c138409d03a24bdd992a5b1d96

  • SHA256

    831334e1e49ec7a25375562688543ee75b2b3cc7352afc019856342def52476b

  • SHA512

    a9ddd9f1f370c0a15fc4f777ccd1bad8e2c3c6ad1236561fe8dc8e44690498e095fe86b755af68d43c14dc9a85cd0f9bbda452463e7dcad1e4bcdb2901ce3da5

  • SSDEEP

    98304:5qBTEbLg6IcV1bVGgecr2uoyoqxQ7jjrXJ7dGK4z11GafG63W3KL:5BGcV1bVbjCuoyoqxIxGKk1QafN3BL

Score
10/10
flubotandroidbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      831334e1e49ec7a25375562688543ee75b2b3cc7352afc019856342def52476b.apk

    • Size

      4.8MB

    • MD5

      c10d38a63e776e5940d281bddbb497d4

    • SHA1

      ac0561ee9acc38c138409d03a24bdd992a5b1d96

    • SHA256

      831334e1e49ec7a25375562688543ee75b2b3cc7352afc019856342def52476b

    • SHA512

      a9ddd9f1f370c0a15fc4f777ccd1bad8e2c3c6ad1236561fe8dc8e44690498e095fe86b755af68d43c14dc9a85cd0f9bbda452463e7dcad1e4bcdb2901ce3da5

    • SSDEEP

      98304:5qBTEbLg6IcV1bVGgecr2uoyoqxQ7jjrXJ7dGK4z11GafG63W3KL:5BGcV1bVbjCuoyoqxIxGKk1QafN3BL

    Score
    10/10
    flubotbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot payload

    • Flubot family

      flubot

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about active data network

      discovery

    • Requests accessing notifications (often used to intercept notifications before users become aware).

      collectioncredential_access

    • Requests changing the default SMS application.

      collectionimpact

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion
    behavioral1

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks