flubot | 16427dc764ddd03c890ccafa61121597ef663cba3e3a58fc6904daf644467a7c | Triage

Submit
Reports

Overview

overview

Static

static

7

16427dc764...7c.apk

android-9-x86

16427dc764...7c.apk

android-10-x64

16427dc764...7c.apk

android-11-x64

Sharing

General

Target

16427dc764ddd03c890ccafa61121597ef663cba3e3a58fc6904daf644467a7c.apk
Size

5.4MB
Sample

220912-t3nsxshddq
MD5

098b5ec115662385d761042806d85492
SHA1

a66cf97d9458f7c3b568f801a99f54f9bde14efe
SHA256

16427dc764ddd03c890ccafa61121597ef663cba3e3a58fc6904daf644467a7c
SHA512

898bb420badffdfeba358dd290dba02238b7acf166080b55a8189c76f532865878ccf8fc4f02ae542469eef2d80414f9fbfd2e7fe9280ff1c26c0a875cc8b918
SSDEEP

98304:Bg3vvJeZDDJkZlLbgOQ0vUMO01QfEuhd5YJ7Efhm1dSScc0uDObtPxK:G3HJq3S1Q0MMTyhd5wNbSPcebtU

Score

10^/10

flubot android banker discovery evasion infostealer ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

16427dc764ddd03c890ccafa61121597ef663cba3e3a58fc6904daf644467a7c.apk

Resource

android-x86-arm-20220823-en

flubot banker discovery evasion infostealer ransomware trojan

android-9-x86

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

16427dc764ddd03c890ccafa61121597ef663cba3e3a58fc6904daf644467a7c.apk

Resource

android-x64-20220823-en

flubot banker infostealer trojan

android-10-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

16427dc764ddd03c890ccafa61121597ef663cba3e3a58fc6904daf644467a7c.apk

Resource

android-x64-arm64-20220823-en

flubot banker discovery evasion infostealer ransomware trojan

android-11-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  16427dc764ddd03c890ccafa61121597ef663cba3e3a58fc6904daf644467a7c.apk
- Size
  
  5.4MB
- MD5
  
  098b5ec115662385d761042806d85492
- SHA1
  
  a66cf97d9458f7c3b568f801a99f54f9bde14efe
- SHA256
  
  16427dc764ddd03c890ccafa61121597ef663cba3e3a58fc6904daf644467a7c
- SHA512
  
  898bb420badffdfeba358dd290dba02238b7acf166080b55a8189c76f532865878ccf8fc4f02ae542469eef2d80414f9fbfd2e7fe9280ff1c26c0a875cc8b918
- SSDEEP
  
  98304:Bg3vvJeZDDJkZlLbgOQ0vUMO01QfEuhd5YJ7Efhm1dSScc0uDObtPxK:G3HJq3S1Q0MMTyhd5wNbSPcebtU
Score

10^/10

flubot banker discovery evasion infostealer ransomware trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flubotbankerdiscoveryevasioninfostealerransomwaretrojan

behavioral2

flubotbankerinfostealertrojan

behavioral3

flubotbankerdiscoveryevasioninfostealerransomwaretrojan

© 2018-2024

Terms | Privacy