flubot | 2d5db9673b6ea665fdb9a9cb321b7bde69048fb27f80ba1071b22b9e78855484

Analysis

max time kernel
4062788s
max time network
161s
platform
android_x64
resource
android-x64-arm64-20220621-en
submitted
12-07-2022 11:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

flubot_08d8dd235769dc19fb062299d749e4a91b19ef5ec532b3ce5d2d3edcc7667799.apk
Size

2.9MB
MD5

6b5da3300ced10ba3a623e5e1237ad1e
SHA1

1918850207a582012c541b24e0dfa243f0a90671
SHA256

08d8dd235769dc19fb062299d749e4a91b19ef5ec532b3ce5d2d3edcc7667799
SHA512

ab3521226f60d5ef83e29e74e9d3fb979450a2da8c9909ee6997b8af5288f2b5170f9e387de3681c670490d9af27e47efcacd2b6e868c6905bcbf0f29adbf93b

Score

10^/10

flubot banker discovery infostealer ransomware trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot payload 1 IoCs

resource	yara_rule
behavioral3/memory/4434-0.dex	family_flubot

Makes use of the framework's Accessibility service. 1 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.qqmusic

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.tencent.qqmusic/FFg8hU9pUG/IpaUfifITIf87pu/base.apk.gi8ugIh1.7qg	4434	com.tencent.qqmusic

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
63	ipinfo.io

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.qqmusic

com.tencent.qqmusic
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4434

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.qqmusic/FFg8hU9pUG/IpaUfifITIf87pu/base.apk.gi8ugIh1.7qg

Filesize
2.0MB

MD5
9718564b4725c3e9249c4bd85c01b1be

SHA1
4715c01f92b4f100b464d2602f89d5c463daa670

SHA256
237bfcb9eda5f8350c48fee459d41da1610b2271e46518e5307c2f64571fc687

SHA512
74488917d6983ed701131c36d0c09f942127e627ab1dfb379b93b0161d668a863862ac14d95fadae90246482320265db806cfc4eef330e0b744124e0728009e8

Download Submit