flubot | 1dc84f5f1ee6daf33f5da0d0d82f252c64274a771c6214170eae441d18447fea | Triage

Submit
Reports

Overview

overview

Static

static

7

1dc84f5f1e...ea.apk

android_x86

1dc84f5f1e...ea.apk

android_x64

1dc84f5f1e...ea.apk

android_x64

1

Sharing

General

Target

1dc84f5f1ee6daf33f5da0d0d82f252c64274a771c6214170eae441d18447fea
Size

4.8MB
Sample

220616-xdq4jagffk
MD5

d086e98cc813dc57c3b2b9a299ae2928
SHA1

94078ef7ca8fbecd5194f082902ca991650e29e7
SHA256

1dc84f5f1ee6daf33f5da0d0d82f252c64274a771c6214170eae441d18447fea
SHA512

dfccb95a17e570225938bfa82d6a9d8c1f22e172e45c8a357b3a05d64ba670d372d69d38e92d9250191f10db454a2246d2ab5877fb759ee0bd2bd33b199a16cc

Score

10^/10

flubot android banker evasion infostealer ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

1dc84f5f1ee6daf33f5da0d0d82f252c64274a771c6214170eae441d18447fea.apk

Resource

android-x86-arm-20220310-en

flubot banker evasion infostealer ransomware trojan

android_x86

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1dc84f5f1ee6daf33f5da0d0d82f252c64274a771c6214170eae441d18447fea.apk

Resource

android-x64-20220310-en

flubot banker infostealer ransomware trojan

android_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

1dc84f5f1ee6daf33f5da0d0d82f252c64274a771c6214170eae441d18447fea.apk

Resource

android-x64-arm64-20220310-en

android_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1dc84f5f1ee6daf33f5da0d0d82f252c64274a771c6214170eae441d18447fea
- Size
  
  4.8MB
- MD5
  
  d086e98cc813dc57c3b2b9a299ae2928
- SHA1
  
  94078ef7ca8fbecd5194f082902ca991650e29e7
- SHA256
  
  1dc84f5f1ee6daf33f5da0d0d82f252c64274a771c6214170eae441d18447fea
- SHA512
  
  dfccb95a17e570225938bfa82d6a9d8c1f22e172e45c8a357b3a05d64ba670d372d69d38e92d9250191f10db454a2246d2ab5877fb759ee0bd2bd33b199a16cc
Score

10^/10

flubot banker evasion infostealer ransomware trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot Payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

flubotbankerevasioninfostealerransomwaretrojan

behavioral2

flubotbankerinfostealerransomwaretrojan

behavioral3

© 2018-2024

Terms | Privacy