flubot | fcf06f3ba301946d82b2bbb7da59af21216535f7dddf2109aab1ed3d3fd3b049 | Triage

Analysis

max time kernel
1702990s
max time network
185s
platform
android_x86
resource
android-x86-arm
submitted
13-05-2021 11:32

Sharing

Report Analysis Logs

General

Target

e68fb8ee8306faaf6fd952333d4c1a4d.apk
Size

4.0MB
MD5

e68fb8ee8306faaf6fd952333d4c1a4d
SHA1

dae7975fe9dd29908d1ac4db5824d7036f46b533
SHA256

fcf06f3ba301946d82b2bbb7da59af21216535f7dddf2109aab1ed3d3fd3b049
SHA512

10dd19dc91fab497e17618b11f07bca08770b56470db63886bf5bdd2ce787e4604cc5d52c4595994ca7783c682f05c27a57a37d3d0cebe00c3266b54ca79c0e6

Score

10^/10

flubot banker infostealer trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot Payload 3 IoCs

resource	yara_rule
behavioral1/memory/5098-0.dex	family_flubot
behavioral1/files/5098-2.dat	family_flubot
behavioral1/memory/5098-1.dex	family_flubot

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/sting.castle.immense/app_DynamicOptDex/kQhqZb.json	5098	sting.castle.immense
/data/user/0/sting.castle.immense/app_DynamicOptDex/kQhqZb.json	5122	/system/bin/dex2oat
/data/user/0/sting.castle.immense/app_DynamicOptDex/kQhqZb.json	5098	sting.castle.immense

sting.castle.immense
1⤵
- Loads dropped Dex/Jar
PID:5098
- sting.castle.immense
  2⤵
  PID:5122
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:5122

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads