PULSE NAME
EASTERN ASIAN ANDROID ASSAULT – FLUHORSE
TLP: WHITE | Author: Superpro | Created: 2023-05-08 | Modified: 2023-05-08
40 IOCs (medium volume)
A new malware called FluHorse has been discovered, which targets different sectors of Eastern Asian markets through malicious Android applications that mimic legitimate ones. These apps have already been downloaded more than a million times and can steal victims' credentials and 2FA codes. The malware is distributed via emails, and in some cases, the emails used in the first stage of the attacks belong to high-profile entities. FluHorse is a persistent and dangerous threat that can remain undetected for months.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: Object Pool
Indicators of Compromise (40)