flubot | a7d5405eacbc93389d694230affda4962e1f890c5bb81b89e863493665a58ca9 | Triage

Submit
Reports

Overview

overview

Static

static

7

a7d5405eac...a9.apk

android_x86

a7d5405eac...a9.apk

android_x64

a7d5405eac...a9.apk

android_x64

Sharing

General

Target

a7d5405eacbc93389d694230affda4962e1f890c5bb81b89e863493665a58ca9.apk
Size

3.4MB
Sample

220616-wxhqtsgedq
MD5

a94fce0a8083336cf473139a85a55b77
SHA1

2f80907716c46f28989b2170de553a0c371f9d16
SHA256

a7d5405eacbc93389d694230affda4962e1f890c5bb81b89e863493665a58ca9
SHA512

4e6a48f45cddd5cf7945c99fca86bd1cdcc02a64ae4c28e1322a8854f04a6c0538be7e7a15ca95af8f09d64dff316ff86d4d387d3b245b552cd0876e77f7c6a7

Score

10^/10

flubot android banker infostealer ransomware suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

a7d5405eacbc93389d694230affda4962e1f890c5bb81b89e863493665a58ca9.apk

Resource

android-x86-arm-20220310-en

flubot banker infostealer ransomware suricata trojan

android_x86

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a7d5405eacbc93389d694230affda4962e1f890c5bb81b89e863493665a58ca9.apk

Resource

android-x64-20220310-en

flubot banker infostealer ransomware suricata trojan

android_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

a7d5405eacbc93389d694230affda4962e1f890c5bb81b89e863493665a58ca9.apk

Resource

android-x64-arm64-20220310-en

flubot banker infostealer ransomware suricata trojan

android_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a7d5405eacbc93389d694230affda4962e1f890c5bb81b89e863493665a58ca9.apk
- Size
  
  3.4MB
- MD5
  
  a94fce0a8083336cf473139a85a55b77
- SHA1
  
  2f80907716c46f28989b2170de553a0c371f9d16
- SHA256
  
  a7d5405eacbc93389d694230affda4962e1f890c5bb81b89e863493665a58ca9
- SHA512
  
  4e6a48f45cddd5cf7945c99fca86bd1cdcc02a64ae4c28e1322a8854f04a6c0538be7e7a15ca95af8f09d64dff316ff86d4d387d3b245b552cd0876e77f7c6a7
Score

10^/10

flubot banker infostealer ransomware suricata trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot Payload
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

flubotbankerinfostealerransomwaresuricatatrojan

behavioral2

flubotbankerinfostealerransomwaresuricatatrojan

behavioral3

flubotbankerinfostealerransomwaresuricatatrojan

© 2018-2025

Terms | Privacy