General

  • Target

    c885156d7497fae88b6b377b83d67bee47190cc7615f2062c8cbf4b126909059.zip

  • Size

    2.5MB

  • Sample

    250327-jaedns1ls2

  • MD5

    ced5cf434fabc5fe1819dab8ea54c1fa

  • SHA1

    f770e6a01eaa2625357fc98a0c68a3a6ffd1de62

  • SHA256

    c885156d7497fae88b6b377b83d67bee47190cc7615f2062c8cbf4b126909059

  • SHA512

    f33a3bf3360459a8c89e2f997e3a6d59c08256ea2ff995ca9d5f66bbe4b2f5d0c2ab40aebdf4ed64919afdefb23c2357012e79efcdb947f7e40bb3b1ba65783c

  • SSDEEP

    49152:LoUIto/7VXjVy3WC1BfSV2KBJxy+WShToAuUQq70b/cN:sUIUTCTfSV2KDxyAhXrDN

Malware Config

Targets

    • Target

      6323ac65167e8d48c3bd6c8b839eb600b5b9be9b942e582640147be8d98cedb6.apk

    • Size

      2.6MB

    • MD5

      b65b16fb181011fdaf1fa4bcc22edf5b

    • SHA1

      93c3c66ede2d13c5ec2325ee0f774a6808c0d7af

    • SHA256

      6323ac65167e8d48c3bd6c8b839eb600b5b9be9b942e582640147be8d98cedb6

    • SHA512

      6ea8a8c5ca4875707ac338236f9f945787a793ee125a41f8a4423d3e5b6339ddd8bf59432f17da5c1c98026001f797d0520b51bc0d16bafe68d931b202a10d76

    • SSDEEP

      49152:w2mWPAlycYeV11r5N1SlVF4VyNHBn9bsTaU6KbN39kpkOwdWp8fAV6uXhDL9Iqq:Mdlkeb1r5aPFIkHxFs+49PcfVXhvu

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot payload

    • Flubot family

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its removal.

    • Queries information about active data network

    • Requests changing the default SMS application.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Requests enabling of the accessibility settings.

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks
