flubot | 65669de0e895064949130f60df5fbd94a1f30af3d5c34c8e5a22065e4334f198 | Triage

Submit
Reports

Overview

overview

Static

static

7

65669de0e8...98.apk

android-9-x86

65669de0e8...98.apk

android-10-x64

65669de0e8...98.apk

android-11-x64

Sharing

General

Target

65669de0e895064949130f60df5fbd94a1f30af3d5c34c8e5a22065e4334f198
Size

3.0MB
Sample

221026-3h4hbahhhk
MD5

8911032f30ee0ecc589bcabfb72c0573
SHA1

72802bd568b2118a7de463a451cb13e20bbd88e7
SHA256

65669de0e895064949130f60df5fbd94a1f30af3d5c34c8e5a22065e4334f198
SHA512

885159589c864b92674ddba1d12516d2b7315d757c79d87bb9179b9ef28eab2a074ac921b866846902ae566250eb55ffebfc55a50af9237ad31b3c55e09c3f59
SSDEEP

49152:g0hCpryDHH0D6gmPOroTV8asMbUCZhSFNw/wgiNcJ3W7HxTQqUonXH3twp:gbrWn0DAOroTV87w4w/b09RzUsGp

Score

10^/10

flubot android banker discovery evasion infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

65669de0e895064949130f60df5fbd94a1f30af3d5c34c8e5a22065e4334f198.apk

Resource

android-x86-arm-20220823-en

flubot banker discovery evasion infostealer trojan

android-9-x86

6 signatures

600 seconds

Behavioral task

behavioral2

Sample

65669de0e895064949130f60df5fbd94a1f30af3d5c34c8e5a22065e4334f198.apk

Resource

android-x64-20220823-en

flubot banker infostealer trojan

android-10-x64

3 signatures

600 seconds

Behavioral task

behavioral3

Sample

65669de0e895064949130f60df5fbd94a1f30af3d5c34c8e5a22065e4334f198.apk

Resource

android-x64-arm64-20220823-en

flubot banker discovery evasion infostealer trojan

android-11-x64

8 signatures

600 seconds

Malware Config

Targets

- Target
  
  65669de0e895064949130f60df5fbd94a1f30af3d5c34c8e5a22065e4334f198
- Size
  
  3.0MB
- MD5
  
  8911032f30ee0ecc589bcabfb72c0573
- SHA1
  
  72802bd568b2118a7de463a451cb13e20bbd88e7
- SHA256
  
  65669de0e895064949130f60df5fbd94a1f30af3d5c34c8e5a22065e4334f198
- SHA512
  
  885159589c864b92674ddba1d12516d2b7315d757c79d87bb9179b9ef28eab2a074ac921b866846902ae566250eb55ffebfc55a50af9237ad31b3c55e09c3f59
- SSDEEP
  
  49152:g0hCpryDHH0D6gmPOroTV8asMbUCZhSFNw/wgiNcJ3W7HxTQqUonXH3twp:gbrWn0DAOroTV87w4w/b09RzUsGp
Score

10^/10

flubot banker discovery evasion infostealer trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flubotbankerdiscoveryevasioninfostealertrojan

behavioral2

flubotbankerinfostealertrojan

behavioral3

flubotbankerdiscoveryevasioninfostealertrojan

© 2018-2024

Terms | Privacy