Overview

overview

10

Static

static

10

6323ac6516...b6.apk

android-9-x86

10

6323ac6516...b6.apk

android-10-x64

10

6323ac6516...b6.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c885156d7497fae88b6b377b83d67bee47190cc7615f2062c8cbf4b126909059.zip

  • Size

    2.5MB

  • Sample

    250327-jdgm7s1lw6

  • MD5

    ced5cf434fabc5fe1819dab8ea54c1fa

  • SHA1

    f770e6a01eaa2625357fc98a0c68a3a6ffd1de62

  • SHA256

    c885156d7497fae88b6b377b83d67bee47190cc7615f2062c8cbf4b126909059

  • SHA512

    f33a3bf3360459a8c89e2f997e3a6d59c08256ea2ff995ca9d5f66bbe4b2f5d0c2ab40aebdf4ed64919afdefb23c2357012e79efcdb947f7e40bb3b1ba65783c

  • SSDEEP

    49152:LoUIto/7VXjVy3WC1BfSV2KBJxy+WShToAuUQq70b/cN:sUIUTCTfSV2KDxyAhXrDN

Score
10/10
dogeratflubotandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      6323ac65167e8d48c3bd6c8b839eb600b5b9be9b942e582640147be8d98cedb6.apk

    • Size

      2.6MB

    • MD5

      b65b16fb181011fdaf1fa4bcc22edf5b

    • SHA1

      93c3c66ede2d13c5ec2325ee0f774a6808c0d7af

    • SHA256

      6323ac65167e8d48c3bd6c8b839eb600b5b9be9b942e582640147be8d98cedb6

    • SHA512

      6ea8a8c5ca4875707ac338236f9f945787a793ee125a41f8a4423d3e5b6339ddd8bf59432f17da5c1c98026001f797d0520b51bc0d16bafe68d931b202a10d76

    • SSDEEP

      49152:w2mWPAlycYeV11r5N1SlVF4VyNHBn9bsTaU6KbN39kpkOwdWp8fAV6uXhDL9Iqq:Mdlkeb1r5aPFIkHxFs+49PcfVXhvu

    Score
    10/10
    flubotbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencetrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot payload

    • Flubot family

      flubot

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about active data network

      discovery

    • Requests changing the default SMS application.

      collectionimpact

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      defense_evasion

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks