General

  • Target

    8661432a7c6d96b33e2fea7dcb76fad0c7dde9a4640c2262c7f5abb464ead9d5.zip

  • Size

    4.9MB

  • Sample

    250326-sclefaxscz

  • MD5

    33e43a38add2f983a42047a5384d2888

  • SHA1

    2ef69d128fcdec59b931238b72e021bab92a39d2

  • SHA256

    8661432a7c6d96b33e2fea7dcb76fad0c7dde9a4640c2262c7f5abb464ead9d5

  • SHA512

    b6b1cf11b223c39107f0c06b61a0c4f336e3e7f1007eb984d2b4acab72360ca88ec748d28d1d22bee8f7d8199f45ff34f678d559339b24335be44bc52744d801

  • SSDEEP

    98304:wf2C/UZA24GKO4wjxESeg58tQSkdTuIbcFfZxO9ENa8TBVe2QSiQzmqyF3QwNLlh:42UeA29jxpeewIghZ49EZ6lZQznSjNf

Malware Config

Targets

    • Target

      2c74efb0e8304948e56f4ccb1ced6c05734842ecdc95628decacfa74d06baf6c.apk

    • Size

      5.0MB

    • MD5

      729160d423c809ec7d4802fef9010076

    • SHA1

      05e887acc64b92764a7ce9156745e59b42f1144a

    • SHA256

      2c74efb0e8304948e56f4ccb1ced6c05734842ecdc95628decacfa74d06baf6c

    • SHA512

      629e172df2ee3d0a2389f2dfe6cef08b034fcaf07d0136949d06b13b45514d7c98f67da0f22f7491ab9ef9eede945f4267a3604a70effa0aaee9a3b9cc18f8bf

    • SSDEEP

      98304:p6nnEiSsLombCuNZGFOxXknnhoZI9wHRp73rXTdgksiIAiLFY0YsET8LA3W3gr:pCtoeGFOx0nnhp9wXC2I/7YsS803V

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot payload

    • Flubot family

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

MITRE ATT&CK Mobile v15

Tasks