flubot | c22c7b1f473939ebaa1ae8f891065633a767a4ad84b804e1c61faa7d8ad22763 | Triage

Submit
Reports

Overview

overview

Static

static

7

c22c7b1f47...63.apk

android-9-x86

c22c7b1f47...63.apk

android-10-x64

c22c7b1f47...63.apk

android-11-x64

Sharing

General

Target

c22c7b1f473939ebaa1ae8f891065633a767a4ad84b804e1c61faa7d8ad22763
Size

3.8MB
Sample

221026-3pxcksaabr
MD5

c136b8d59db8d91ec022aa0151028e05
SHA1

9eae5b7351e1cfb35d67a78d441b9c612dce491f
SHA256

c22c7b1f473939ebaa1ae8f891065633a767a4ad84b804e1c61faa7d8ad22763
SHA512

34b0c0947f321ba8b785ed36412bbc7a59c77438962afaf0d67179232e36ab7c1d885c9f83e0384900c0c1723249f29cd8fc7548423ff647a01678d349b08fe3
SSDEEP

98304:tNerged/OIfZCj2e2GVoEnyAXaJMTp/fGCpQDM:t4rgtj2+/p93pQDM

Score

10^/10

flubot android banker discovery evasion infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c22c7b1f473939ebaa1ae8f891065633a767a4ad84b804e1c61faa7d8ad22763.apk

Resource

android-x86-arm-20220823-en

flubot banker discovery evasion infostealer trojan

android-9-x86

6 signatures

600 seconds

Behavioral task

behavioral2

Sample

c22c7b1f473939ebaa1ae8f891065633a767a4ad84b804e1c61faa7d8ad22763.apk

Resource

android-x64-20220823-en

flubot banker infostealer trojan

android-10-x64

3 signatures

600 seconds

Behavioral task

behavioral3

Sample

c22c7b1f473939ebaa1ae8f891065633a767a4ad84b804e1c61faa7d8ad22763.apk

Resource

android-x64-arm64-20220823-en

flubot banker discovery evasion infostealer trojan

android-11-x64

8 signatures

600 seconds

Malware Config

Targets

- Target
  
  c22c7b1f473939ebaa1ae8f891065633a767a4ad84b804e1c61faa7d8ad22763
- Size
  
  3.8MB
- MD5
  
  c136b8d59db8d91ec022aa0151028e05
- SHA1
  
  9eae5b7351e1cfb35d67a78d441b9c612dce491f
- SHA256
  
  c22c7b1f473939ebaa1ae8f891065633a767a4ad84b804e1c61faa7d8ad22763
- SHA512
  
  34b0c0947f321ba8b785ed36412bbc7a59c77438962afaf0d67179232e36ab7c1d885c9f83e0384900c0c1723249f29cd8fc7548423ff647a01678d349b08fe3
- SSDEEP
  
  98304:tNerged/OIfZCj2e2GVoEnyAXaJMTp/fGCpQDM:t4rgtj2+/p93pQDM
Score

10^/10

flubot banker discovery evasion infostealer trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flubotbankerdiscoveryevasioninfostealertrojan

behavioral2

flubotbankerinfostealertrojan

behavioral3

flubotbankerdiscoveryevasioninfostealertrojan

© 2018-2024

Terms | Privacy