General
Target: 0bc5b37b122d9f5335f2b2b3d6532af7538a1ccb
Size: 2.9MB
Sample: 250227-bbscxsznt5
MD5: eb4558531fd743d006db96d62b6eee5a
SHA1: 0bc5b37b122d9f5335f2b2b3d6532af7538a1ccb
SHA256: 24ee0cd3a0841533e1a17fb8093509492094142010c324a078ac57ee7b8c032e
SHA512: 306fc3ad585cb2bb15fa0dc5534634f8c042e3c3fe421893fe7f13ca2be8ceb4a66e30a252ffec1020aefb137548a449f00ced2f2f8b7e5943cc849094d06466
SSDEEP: 49152:HVj5tbVhOhzswxyKr8qfqe+5HwOhIV2XYN5OHgGsUtThM05I/D0NcxZBQr:1j5x46Ud+wOSVdN5kiUtThM0HyxrC
Static task: static1

Behavioral task: behavioral1
Sample: 0bc5b37b122d9f5335f2b2b3d6532af7538a1ccb.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: 0bc5b37b122d9f5335f2b2b3d6532af7538a1ccb.apk
Resource: android-x64-20240624-en

Behavioral task: behavioral3
Sample: 0bc5b37b122d9f5335f2b2b3d6532af7538a1ccb.apk
Resource: android-x64-arm64-20240624-en
Malware Config
Targets
Target: 0bc5b37b122d9f5335f2b2b3d6532af7538a1ccb

FluBot payload
Flubot family

Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.

Queries information about active data network