Study of the FluBot analysis

Posted date 15/04/2021

This study focuses on the malicious code FluBot, a Trojan specially designed for Android devices and which has been present in multiple fraudulent SMS campaigns since 2020, in which it spoofs logistics companies seeking to have the user install a malicious application.

This study contains a detailed technical report prepared after analysing the samples found in numerous campaigns detected that spoof messaging services, in order to identify the family to which this malicious code belongs, and the actions it carries out, collecting the greatest possible quantity of information.

An IOC rule and a Yara rule are also available in this analysis to help with detecting samples belonging to the FluBot family.

  • General information.
  • Summary of actions.
  • Detailed analysis.
  • Anti-detection and anti-reverse engineering techniques.
  • Persistence.