flubot | fcf06f3ba301946d82b2bbb7da59af21216535f7dddf2109aab1ed3d3fd3b049

Analysis

max time kernel
1702990s
max time network
185s
platform
android_x86
resource
android-x86-arm
submitted
13-05-2021 11:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e68fb8ee8306faaf6fd952333d4c1a4d.apk
Size

4.0MB
MD5

e68fb8ee8306faaf6fd952333d4c1a4d
SHA1

dae7975fe9dd29908d1ac4db5824d7036f46b533
SHA256

fcf06f3ba301946d82b2bbb7da59af21216535f7dddf2109aab1ed3d3fd3b049
SHA512

10dd19dc91fab497e17618b11f07bca08770b56470db63886bf5bdd2ce787e4604cc5d52c4595994ca7783c682f05c27a57a37d3d0cebe00c3266b54ca79c0e6

Score

10^/10

flubot banker infostealer trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot Payload 3 IoCs

Processes:

resource	yara_rule
/data/user/0/sting.castle.immense/app_DynamicOptDex/kQhqZb.json	family_flubot
/data/user/0/sting.castle.immense/app_DynamicOptDex/oat/x86/kQhqZb.vdex	family_flubot
/data/user/0/sting.castle.immense/app_DynamicOptDex/kQhqZb.json	family_flubot

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

sting.castle.immense/system/bin/dex2oat

ioc	pid	process
/data/user/0/sting.castle.immense/app_DynamicOptDex/kQhqZb.json	5098	sting.castle.immense
/data/user/0/sting.castle.immense/app_DynamicOptDex/kQhqZb.json	5122	/system/bin/dex2oat
/data/user/0/sting.castle.immense/app_DynamicOptDex/kQhqZb.json	5098	sting.castle.immense

sting.castle.immense
1⤵
- Loads dropped Dex/Jar
PID:5098
- sting.castle.immense
  2⤵
  PID:5122
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:5122

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/sting.castle.immense/app_DynamicOptDex/kQhqZb.json

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/sting.castle.immense/app_DynamicOptDex/kQhqZb.json

MD5
40bc23344a0f46f04cf0533ae12c86b4

SHA1
4330aa71cc6bce9eac084368d207f1aeeabbec50

SHA256
e89d9804064dfff2a9890e595825a3074f88ffcbfe7c21800a9464d2aa9ab832

SHA512
e2e32639b3080412ee5a4f898c7ed8f422e854bd8e759402d21eb2620333a60170f80e21998dbe3e2ec652a3c7dc1ff8528c52d5df7a95a35046811b752d4f45

Download Submit
/data/user/0/sting.castle.immense/app_DynamicOptDex/kQhqZb.json

MD5
3e7d7af34d3504f26ca435e0cf106313

SHA1
d369bca4ec601a934969bb69909cd04c7ef526a7

SHA256
5502f89b316171cfa3c79aba4b6729c859e84f328a7f6535ec67fb13b2294b50

SHA512
c6728241a5dba91c843771489ddc6b73619307c467089da1d4317b24852f008f62aa72b31ff3b691af68688cf46eea381517a5ef2907e7e67739bf2c7fa45efb

Download Submit
/data/user/0/sting.castle.immense/app_DynamicOptDex/kQhqZb.json

MD5
42b50387744050ec65b1bf4ec025ad67

SHA1
036d5dfc2cb127782e09984415d6030ee6c441fa

SHA256
ff944cfd20b5e8f5fa43120f0a9a16e6468e5a1cf80b7e0ebbe9262cb9f3618b

SHA512
e20b0f101268f6e90b47b0a033493e36212d55b3956cd981aa342992d592ce6ee67ff61309343c736d14e26c0dd231278aa8fb47c7d54e3e66fb06dd02315a01

Download Submit
/data/user/0/sting.castle.immense/app_DynamicOptDex/kQhqZb.json.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/sting.castle.immense/app_DynamicOptDex/oat/kQhqZb.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/sting.castle.immense/app_DynamicOptDex/oat/x86/kQhqZb.odex

MD5
b00e3db13b20018d8d53e05c192f248b

SHA1
8f647aa4f59b764e204d13a9570e9371edad6a96

SHA256
0de388a7f67cbd7cbeed8a8ecfaeae0d55426e75d7969a7cbd165b60af18439e

SHA512
5e6fdd528929a84e0f7c6e52424d926fb1ac3098fbdf8dfb6f0c6ce992fb9427b90bcb6d3255beea412551cde1eb2747b27ff190e21eb15815511e5c74f4066b

Download Submit
/data/user/0/sting.castle.immense/app_DynamicOptDex/oat/x86/kQhqZb.vdex

MD5
0fe1b0eaa0ed3a14f0315cc831328ec8

SHA1
d1c0f6f386ca06812218a6e094076723fe9e1819

SHA256
d81bcbb1d4db767bc9b6b5b4b2c75ab73a68293d11f0d7e7e436f90db0da36b6

SHA512
55ee59989f523987f7943caafb7df47ebf9b238311a38264f6613d9a690ce8a7cbb86258f6be4238bcacf5c5748cd6cc6d26fd7fdf582a6f74ae33a749fa54ae

Download Submit
/data/user/0/sting.castle.immense/shared_prefs/UPS Mobile.xml

MD5
2f92991f32eabbb10e6487abf30210e7

SHA1
3d11b545d56f03cad48582352b7dd8c43d63d0b4

SHA256
662268a50009a502b91d7ef2241a8b5518696c039a0117099c47cd5bee1483a2

SHA512
d61a18ecc69b2dd9b05ee49a74f331a1698e564a593fe7e789aa4b47d2b5b383a00fee9cf0f6247061f209c0da0a6bec1753b4d8402a436dd46397eabfa7196d

Download Submit