flubot | 1330f6b64e47a7b7b8653229bd122467329f9bfe7b5cc3218d703cf1bb41420e | Triage

Submit
Reports

Overview

overview

Static

static

7

1330f6b64e...0e.apk

android_x86

1330f6b64e...0e.apk

android_x64

1330f6b64e...0e.apk

android_x64

Sharing

General

Target

1330f6b64e47a7b7b8653229bd122467329f9bfe7b5cc3218d703cf1bb41420e
Size

6.2MB
Sample

220603-hs9rvsggep
MD5

57d035c7e3688b9f5e009e66da7e8372
SHA1

06672e330825319e1c435feed1dfdd63bd38ade0
SHA256

1330f6b64e47a7b7b8653229bd122467329f9bfe7b5cc3218d703cf1bb41420e
SHA512

03ae2f10f625bbc06749b2a90b28699763e1deb034123fedb6d92f539e79d896b317a79bb262c44803c5cb2421ef7c66ef6585ec5a5883f5bb38cc6acbe8099b

Score

10^/10

flubot android banker discovery evasion infostealer ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

1330f6b64e47a7b7b8653229bd122467329f9bfe7b5cc3218d703cf1bb41420e.apk

Resource

android-x86-arm-20220310-en

flubot banker discovery evasion infostealer ransomware trojan

android_x86

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1330f6b64e47a7b7b8653229bd122467329f9bfe7b5cc3218d703cf1bb41420e.apk

Resource

android-x64-20220310-en

flubot banker infostealer ransomware trojan

android_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

1330f6b64e47a7b7b8653229bd122467329f9bfe7b5cc3218d703cf1bb41420e.apk

Resource

android-x64-arm64-20220310-en

android_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1330f6b64e47a7b7b8653229bd122467329f9bfe7b5cc3218d703cf1bb41420e
- Size
  
  6.2MB
- MD5
  
  57d035c7e3688b9f5e009e66da7e8372
- SHA1
  
  06672e330825319e1c435feed1dfdd63bd38ade0
- SHA256
  
  1330f6b64e47a7b7b8653229bd122467329f9bfe7b5cc3218d703cf1bb41420e
- SHA512
  
  03ae2f10f625bbc06749b2a90b28699763e1deb034123fedb6d92f539e79d896b317a79bb262c44803c5cb2421ef7c66ef6585ec5a5883f5bb38cc6acbe8099b
Score

10^/10

flubot banker discovery evasion infostealer ransomware trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot Payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flubotbankerdiscoveryevasioninfostealerransomwaretrojan

behavioral2

flubotbankerinfostealerransomwaretrojan

behavioral3

© 2018-2024

Terms | Privacy