General

  • Target

    flubot_08d8dd235769dc19fb062299d749e4a91b19ef5ec532b3ce5d2d3edcc7667799.zip

  • Size

    2.7MB

  • Sample

    220712-m77y2aacb3

  • MD5

    8c654d89ffd283b6aa38a19d5d8929f8

  • SHA1

    489f0f6cea8cb4b15cf9d4bb57b46115e7e64909

  • SHA256

    2d5db9673b6ea665fdb9a9cb321b7bde69048fb27f80ba1071b22b9e78855484

  • SHA512

    cdbf5cecae9e0eed47fe99f4ba8f3bbee031a1068fec2df5c7955f77f5de6fc7e222947b9f6b4ccc074a26f25b2efff761ae9c50d8a4a3b0b1a54a229ea60661

Malware Config

Targets

    • Target

      flubot_08d8dd235769dc19fb062299d749e4a91b19ef5ec532b3ce5d2d3edcc7667799.bin

    • Size

      2.9MB

    • MD5

      6b5da3300ced10ba3a623e5e1237ad1e

    • SHA1

      1918850207a582012c541b24e0dfa243f0a90671

    • SHA256

      08d8dd235769dc19fb062299d749e4a91b19ef5ec532b3ce5d2d3edcc7667799

    • SHA512

      ab3521226f60d5ef83e29e74e9d3fb979450a2da8c9909ee6997b8af5288f2b5170f9e387de3681c670490d9af27e47efcacd2b6e868c6905bcbf0f29adbf93b

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Crypto APIs (might try to encrypt user data).

MITRE ATT&CK Enterprise v6

Tasks