Overview

overview

10

Static

static

6

44ea6e6894...57.apk

android-9-x86

10

44ea6e6894...57.apk

android-10-x64

10

44ea6e6894...57.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    faa162a501f916513ee00620f2680487d2dbe7b1a879ab866c4d5da016897c2e.zip

  • Size

    3.2MB

  • Sample

    250327-ysmkbszjx8

  • MD5

    f8fab7c06872ea79dff249431e04f0eb

  • SHA1

    a1e453367436553424ba1b12ded24332b3e88fe0

  • SHA256

    faa162a501f916513ee00620f2680487d2dbe7b1a879ab866c4d5da016897c2e

  • SHA512

    ac072084c6a1209031f8b8dae52ead7a3ca01d0ed40672fc6c5b7adeda7b4bb4472f87ae2ea8aeb4693168e95f9d4b43bf4d31484d593829c11aa7ebaf88989d

  • SSDEEP

    49152:z3tHUhcArUfuxXcX3if1B7PUC6sbMN9OyubIaa16/1jwIg7F6VgG7ysLs:rtHV2tcX3e1BrUC6gezubIC+7FAb+sLs

Score
10/10
flubotandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      44ea6e68941e2f3716ecaa178775d5e81008edc7a969d40c90baf85a862a7a57.apk

    • Size

      3.3MB

    • MD5

      2455e88ae54546cea448f901dd8127da

    • SHA1

      55114bedf297893bc3022414796515e2df79d5ae

    • SHA256

      44ea6e68941e2f3716ecaa178775d5e81008edc7a969d40c90baf85a862a7a57

    • SHA512

      9898801d5df8c20f6c1bc06e3233a51d461cd581b4b1989a7f184809bfd92f8e47a6dcdedf11a8209e767377b4917661af75544d8ddf3ae08175aa254e027abd

    • SSDEEP

      49152:vzsCuCrwYD57Qyr5nsqNz+yBcvPDCkUHXCHvNwu4f3MUyN7AYpDMaSwXZ4cos:vwCdD57QyrKZOcDrjGusyZAWRS+ZR

    Score
    10/10
    flubotbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencetrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot payload

    • Flubot family

      flubot

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about active data network

      discovery

    • Requests changing the default SMS application.

      collectionimpact

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      defense_evasion

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks