flubot | b3406beb0c6a2c9ed4e582be6857092235f29f34c0a22b1be5bfd911cf2e0026 | Triage

Submit
Reports

Overview

overview

Static

static

8

Android APK

android_x64

Sharing

General

Target

b3406beb0c6a2c9ed4e582be6857092235f29f34c0a22b1be5bfd911cf2e0026.apk
Size

3.0MB
Sample

210809-7b5svy23dn
MD5

6e08fd5dc3f9200b0cfa6290211df9c8
SHA1

827b804ab5d38216a9aec21da6d382dc77a6451f
SHA256

b3406beb0c6a2c9ed4e582be6857092235f29f34c0a22b1be5bfd911cf2e0026
SHA512

3ad6add02639ea6b40b04f3558d1e2f271ae32ecd34ed45a5f0deb5bd557963b37465dba0cce7a86a7246957380f676cb3be9377663d39c6c88c3ff30c00211e

Score

10^/10

flubot android banker infostealer obfuscation ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

b3406beb0c6a2c9ed4e582be6857092235f29f34c0a22b1be5bfd911cf2e0026.apk

Resource

android-x64-arm64

flubot banker infostealer obfuscation ransomware trojan

android_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b3406beb0c6a2c9ed4e582be6857092235f29f34c0a22b1be5bfd911cf2e0026.apk
- Size
  
  3.0MB
- MD5
  
  6e08fd5dc3f9200b0cfa6290211df9c8
- SHA1
  
  827b804ab5d38216a9aec21da6d382dc77a6451f
- SHA256
  
  b3406beb0c6a2c9ed4e582be6857092235f29f34c0a22b1be5bfd911cf2e0026
- SHA512
  
  3ad6add02639ea6b40b04f3558d1e2f271ae32ecd34ed45a5f0deb5bd557963b37465dba0cce7a86a7246957380f676cb3be9377663d39c6c88c3ff30c00211e
Score

10^/10

flubot banker infostealer obfuscation ransomware trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot Payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Reads name of network operator
  Uses Android APIs to discover system information.
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

flubotbankerinfostealerobfuscationransomwaretrojan

© 2018-2024

Terms | Privacy