General

  • Target

    289d589b3de665464190264d55d1943eaac7a5bedbd0cdf934bf7ea5b0041e26.zip

  • Size

    4.4MB

  • Sample

    250325-rmdlxa1kz6

  • MD5

    bd2a51a9529ec4a5e2c0c6db56c83309

  • SHA1

    3a03dffd40078d667d3f98fb1ffb7a28d84f57fd

  • SHA256

    289d589b3de665464190264d55d1943eaac7a5bedbd0cdf934bf7ea5b0041e26

  • SHA512

    bb3cbe976cd540a218d1b262940b82bc18c0c4223904d039ab37c4ebd07b1ddc8b8fde9b8cbdc388db47e2cc84a25bdd64fe05acb6e58215a5d312b63f208370

  • SSDEEP

    98304:uWfx+F8u5Tz5Dyxhqr5R1hEGTtsCeZ/BjaMB:uWfx+F8u5TzhxKGTo/BjaMB

Malware Config

Targets

    • Target

      28c11bb998bf8c023a212c6518b4f8219c8583c2e79fc87d76be6fcad51b522f.apk

    • Size

      4.9MB

    • MD5

      92891906b5842b1daac01661731116b9

    • SHA1

      53ff2b0a928fda3439d188c9b7d2f989f7e93eec

    • SHA256

      28c11bb998bf8c023a212c6518b4f8219c8583c2e79fc87d76be6fcad51b522f

    • SHA512

      0b5f95a0c2022953c8ccf65808c976ea54718495952a115d557098443dc7509d419fe2c5255f05795a057061cf64bf69479c349a8361e7f4950325dc7344feb0

    • SSDEEP

      98304:Ctbtx8eId6BxzYR3veFk1lW1zdMQ0pDDDxjUXIklfie3RrQm+jVNryVIh:Cxq8bzYR3WFk1lW1zdMPxDDxI4kXV+xF

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot payload

    • Flubot family

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its removal.

    • Queries information about active data network

    • Requests changing the default SMS application.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Requests enabling of the accessibility settings.

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15
