flubot | 010e254eb6bf9494becdd888901245e1ccd03e5421a0996e59c102ac819dc202 | Triage

Submit
Reports

Overview

overview

Static

static

7

010e254eb6...02.apk

android-9-x86

010e254eb6...02.apk

android-10-x64

010e254eb6...02.apk

android-11-x64

1

Sharing

General

Target

010e254eb6bf9494becdd888901245e1ccd03e5421a0996e59c102ac819dc202
Size

3.3MB
Sample

220804-3fxxracdc3
MD5

a7b162b55d1e152244aae828a156fc40
SHA1

049e5c032000259d053998db6844b6c76b30ab5d
SHA256

010e254eb6bf9494becdd888901245e1ccd03e5421a0996e59c102ac819dc202
SHA512

24526bc5ffcf4a173bfca984af7db0f1c4141c57a09086ba385401eddd39acdc64f263f00c971cd9d9f923191b4f8c66d6b0da18fca91ccc517cba51d74ee4cd

Score

10^/10

flubot android banker discovery evasion infostealer ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

010e254eb6bf9494becdd888901245e1ccd03e5421a0996e59c102ac819dc202.apk

Resource

android-x86-arm-20220621-en

flubot banker discovery evasion infostealer ransomware trojan

android-9-x86

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

010e254eb6bf9494becdd888901245e1ccd03e5421a0996e59c102ac819dc202.apk

Resource

android-x64-20220621-en

flubot banker discovery infostealer ransomware trojan

android-10-x64

5 signatures

300 seconds

Behavioral task

behavioral3

Sample

010e254eb6bf9494becdd888901245e1ccd03e5421a0996e59c102ac819dc202.apk

Resource

android-x64-arm64-20220621-en

android-11-x64

0 signatures

300 seconds

Malware Config

Targets

- Target
  
  010e254eb6bf9494becdd888901245e1ccd03e5421a0996e59c102ac819dc202
- Size
  
  3.3MB
- MD5
  
  a7b162b55d1e152244aae828a156fc40
- SHA1
  
  049e5c032000259d053998db6844b6c76b30ab5d
- SHA256
  
  010e254eb6bf9494becdd888901245e1ccd03e5421a0996e59c102ac819dc202
- SHA512
  
  24526bc5ffcf4a173bfca984af7db0f1c4141c57a09086ba385401eddd39acdc64f263f00c971cd9d9f923191b4f8c66d6b0da18fca91ccc517cba51d74ee4cd
Score

10^/10

flubot banker discovery evasion infostealer ransomware trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flubotbankerdiscoveryevasioninfostealerransomwaretrojan

behavioral2

flubotbankerdiscoveryinfostealerransomwaretrojan

behavioral3

© 2018-2024

Terms | Privacy