flubot | 446c6ef506cdc21f0c207f5de701fe1170bf4b2f2a7874c9d957b41702ea398d | Triage

Submit
Reports

Overview

overview

Static

static

7

DHLx25.apk

android-9-x86

DHLx25.apk

android-10-x64

DHLx25.apk

android-11-x64

Sharing

General

Target

DHLx25.apk
Size

4.5MB
Sample

220824-nqnphacgdn
MD5

6c0c1ee3e7975428e7c1423275598148
SHA1

7c0d4db1a811ac5b309862096fd83369488f479c
SHA256

446c6ef506cdc21f0c207f5de701fe1170bf4b2f2a7874c9d957b41702ea398d
SHA512

4a7a71d2fd2b2ee916219a1575526de5a2e3c1c2d5bc1142799fd633cb74e6310e5836a68ad11744e3b4e29740fe0f41c650f2e8e64053c21f76c21a4e752d0c
SSDEEP

98304:FMX/zsBkQwFIpogLIdEwviHkTDvfMdTfrXkJ+r1/94fAPbYj3W3w19:FowBDwINIawsk3p8r+D3d

Score

10^/10

flubot android banker discovery evasion infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DHLx25.apk

Resource

android-x86-arm-20220823-en

flubot banker discovery evasion infostealer trojan

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

DHLx25.apk

Resource

android-x64-20220823-en

flubot banker infostealer trojan

android-10-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

DHLx25.apk

Resource

android-x64-arm64-20220823-en

flubot banker evasion infostealer trojan

android-11-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  DHLx25.apk
- Size
  
  4.5MB
- MD5
  
  6c0c1ee3e7975428e7c1423275598148
- SHA1
  
  7c0d4db1a811ac5b309862096fd83369488f479c
- SHA256
  
  446c6ef506cdc21f0c207f5de701fe1170bf4b2f2a7874c9d957b41702ea398d
- SHA512
  
  4a7a71d2fd2b2ee916219a1575526de5a2e3c1c2d5bc1142799fd633cb74e6310e5836a68ad11744e3b4e29740fe0f41c650f2e8e64053c21f76c21a4e752d0c
- SSDEEP
  
  98304:FMX/zsBkQwFIpogLIdEwviHkTDvfMdTfrXkJ+r1/94fAPbYj3W3w19:FowBDwINIawsk3p8r+D3d
Score

10^/10

flubot banker discovery evasion infostealer trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flubotbankerdiscoveryevasioninfostealertrojan

behavioral2

flubotbankerinfostealertrojan

behavioral3

flubotbankerevasioninfostealertrojan

© 2018-2024

Terms | Privacy