General
Target: 8661432a7c6d96b33e2fea7dcb76fad0c7dde9a4640c2262c7f5abb464ead9d5.zip
Size: 4.9MB
Sample: 250326-shjg2ayqx8
MD5: 33e43a38add2f983a42047a5384d2888
SHA1: 2ef69d128fcdec59b931238b72e021bab92a39d2
SHA256: 8661432a7c6d96b33e2fea7dcb76fad0c7dde9a4640c2262c7f5abb464ead9d5
SHA512: b6b1cf11b223c39107f0c06b61a0c4f336e3e7f1007eb984d2b4acab72360ca88ec748d28d1d22bee8f7d8199f45ff34f678d559339b24335be44bc52744d801
SSDEEP: 98304:wf2C/UZA24GKO4wjxESeg58tQSkdTuIbcFfZxO9ENa8TBVe2QSiQzmqyF3QwNLlh:42UeA29jxpeewIghZ49EZ6lZQznSjNf
Static task: static1
Behavioral task: behavioral1
  Sample: 2c74efb0e8304948e56f4ccb1ced6c05734842ecdc95628decacfa74d06baf6c.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
  Sample: 2c74efb0e8304948e56f4ccb1ced6c05734842ecdc95628decacfa74d06baf6c.apk
  Resource: android-x64-20240910-en
Behavioral task: behavioral3
  Sample: 2c74efb0e8304948e56f4ccb1ced6c05734842ecdc95628decacfa74d06baf6c.apk
  Resource: android-x64-arm64-20240910-en
Malware Config
Targets
Target: 2c74efb0e8304948e56f4ccb1ced6c05734842ecdc95628decacfa74d06baf6c.apk
Size: 5.0MB
MD5: 729160d423c809ec7d4802fef9010076
SHA1: 05e887acc64b92764a7ce9156745e59b42f1144a
SHA256: 2c74efb0e8304948e56f4ccb1ced6c05734842ecdc95628decacfa74d06baf6c
SHA512: 629e172df2ee3d0a2389f2dfe6cef08b034fcaf07d0136949d06b13b45514d7c98f67da0f22f7491ab9ef9eede945f4267a3604a70effa0aaee9a3b9cc18f8bf
SSDEEP: 98304:p6nnEiSsLombCuNZGFOxXknnhoZI9wHRp73rXTdgksiIAiLFY0YsET8LA3W3gr:pCtoeGFOx0nnhp9wXC2I/7YsS803V
- FluBot payload
- Flubot family
- Makes use of the framework's Accessibility service: Retrieves information displayed on the phone screen using AccessibilityService.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Makes use of the framework's foreground persistence service: Application may abuse the framework's foreground service to continue running in the foreground.
- Queries information about active data network