flubot | 4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c | Triage

Submit
Reports

Overview

overview

Static

static

7

4859ab9cd5...8c.apk

android_x86

4859ab9cd5...8c.apk

android_x64

4859ab9cd5...8c.apk

android_x64

Sharing

General

Target

4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c
Size

6.0MB
Sample

220616-wydhhabaf6
MD5

06371fc75740162de9e6275102012e6c
SHA1

9b45243e89541ae26fea5ff2b9c7d14ff69044ed
SHA256

4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c
SHA512

c865d89143effb176c4be93fc16f54e06d248f5b7e22ffbf19754137f9da181f6d7f6019cdb28d2d7964375b1978a255c475dd3d17487fddb9fa0e4eda8bf248

Score

10^/10

flubot android banker discovery evasion infostealer ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c.apk

Resource

android-x86-arm-20220310-en

flubot banker discovery evasion infostealer ransomware trojan

android_x86

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c.apk

Resource

android-x64-20220310-en

flubot banker infostealer ransomware trojan

android_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c.apk

Resource

android-x64-arm64-20220310-en

flubot banker discovery evasion infostealer ransomware trojan

android_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c
- Size
  
  6.0MB
- MD5
  
  06371fc75740162de9e6275102012e6c
- SHA1
  
  9b45243e89541ae26fea5ff2b9c7d14ff69044ed
- SHA256
  
  4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c
- SHA512
  
  c865d89143effb176c4be93fc16f54e06d248f5b7e22ffbf19754137f9da181f6d7f6019cdb28d2d7964375b1978a255c475dd3d17487fddb9fa0e4eda8bf248
Score

10^/10

flubot banker discovery evasion infostealer ransomware trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot Payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flubotbankerdiscoveryevasioninfostealerransomwaretrojan

behavioral2

flubotbankerinfostealerransomwaretrojan

behavioral3

flubotbankerdiscoveryevasioninfostealerransomwaretrojan

© 2018-2025

Terms | Privacy