Overview

overview

10

Static

static

6

30937927e8...67.apk

android-9-x86

10

30937927e8...67.apk

android-10-x64

10

30937927e8...67.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    30937927e8891f8c0fd2c7b6be5fbc5a05011c34a7375e91aad384b82b9e6a67.apk

  • Size

    6.1MB

  • Sample

    250324-evv5pswya1

  • MD5

    1a2a4044cf18eed59e66c413db766145

  • SHA1

    4e6e9995c3792d8cbcdd8aeb762bb0a6f74cef68

  • SHA256

    30937927e8891f8c0fd2c7b6be5fbc5a05011c34a7375e91aad384b82b9e6a67

  • SHA512

    cc069b2cc2e3c55190b0c840d98b2f6612e7779c759a24dfd903d96a028f5375ef806c40910efb98d566cef276557dab5cba13397cedc9a1ad56c1d2e1727ae8

  • SSDEEP

    98304:piRrQE87MwGC0NnlKaNzvc0j9nj1lA9wVAe0bAQfkFLv0yim:pW87Mznl1XnRlA68qj0yn

Score
10/10
flubotandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

Malware Config

Targets

    • Target

      30937927e8891f8c0fd2c7b6be5fbc5a05011c34a7375e91aad384b82b9e6a67.apk

    • Size

      6.1MB

    • MD5

      1a2a4044cf18eed59e66c413db766145

    • SHA1

      4e6e9995c3792d8cbcdd8aeb762bb0a6f74cef68

    • SHA256

      30937927e8891f8c0fd2c7b6be5fbc5a05011c34a7375e91aad384b82b9e6a67

    • SHA512

      cc069b2cc2e3c55190b0c840d98b2f6612e7779c759a24dfd903d96a028f5375ef806c40910efb98d566cef276557dab5cba13397cedc9a1ad56c1d2e1727ae8

    • SSDEEP

      98304:piRrQE87MwGC0NnlKaNzvc0j9nj1lA9wVAe0bAQfkFLv0yim:pW87Mznl1XnRlA68qj0yn

    Score
    10/10
    flubotbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot payload

    • Flubot family

      flubot

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Requests changing the default SMS application.

      collectionimpact

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      defense_evasion

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks