Overview

overview

10

Static

static

10

89025ff120...f1.apk

android-9-x86

10

89025ff120...f1.apk

android-10-x64

10

89025ff120...f1.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d01cc355afca99e306df4c4093e7df9001a79c63bfa3f9047be7a15fc5ca07e6.zip

  • Size

    4.3MB

  • Sample

    250327-kxehma1ry2

  • MD5

    9dc8925d666a6778ce97a9ba76e670a1

  • SHA1

    f15718a62bcb7277aa063286a6fea242c1a2a0ce

  • SHA256

    d01cc355afca99e306df4c4093e7df9001a79c63bfa3f9047be7a15fc5ca07e6

  • SHA512

    dd1df8357d5f4def6382aba88e1efe51cc84a9607c09e98c500bdf3d064eb3170bda20e3caed0ad82972f9d37b7ff064667d79df7d2e576d9b627b6c5a952e36

  • SSDEEP

    49152:MgH2g3X3qX47An76qDDNC6VoDCNwzYAjV1E3VrBeMR5D5UnaCA+QmQh8uofc9gDm:MMKvDfqCNTCuNFL4C+elz9gsjKvfG3i+

Score
10/10
dogeratflubotandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      89025ff12018ed90a709f3c8bf47b803c5c5b2b533858bda398fca3e1d6140f1.zip

    • Size

      4.4MB

    • MD5

      6a0660a71795cb8d67370524b56bb29a

    • SHA1

      681a02883944f6f14963815e854f3fa3de5cc6f3

    • SHA256

      89025ff12018ed90a709f3c8bf47b803c5c5b2b533858bda398fca3e1d6140f1

    • SHA512

      318cd57c16e0529a9ff1021533298f5a79418da15c81f71f8138da9ff344e0a8135974b77a48456507d0215e4af8eab651b44ea00a2edb3e0d55fc8c7620b3b0

    • SSDEEP

      98304:41DNrQxdkTDyZWINaesGQn59u9lfACK6tlt6C+E/ECH:4J1Qxdcy/NafGQ78fA76tltNJ/ECH

    Score
    10/10
    flubotbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencetrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot payload

    • Flubot family

      flubot

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about active data network

      discovery

    • Requests changing the default SMS application.

      collectionimpact

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      defense_evasion

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks