flubot | 0140d7fc370864a1c693dc4159cf656f27f89c7349827fdcd5cdc8218278b6f4 | Triage

Submit
Reports

Overview

overview

Static

static

7

0140d7fc37...f4.apk

android-10-x64

0140d7fc37...f4.apk

android-11-x64

0140d7fc37...f4.apk

android-9-x86

Sharing

General

Target

0140d7fc370864a1c693dc4159cf656f27f89c7349827fdcd5cdc8218278b6f4
Size

3.1MB
Sample

230227-mgejssda3s
MD5

df5cce61f996ffd66a93aa74e43a475f
SHA1

e0ebf372b9c92ee5660a9d8f733b9b353299e5c3
SHA256

0140d7fc370864a1c693dc4159cf656f27f89c7349827fdcd5cdc8218278b6f4
SHA512

3426f36334e49c1c38f47a31f536c7b857f93dbae6036d1fadfdb7efe7b4d42020f4251d3b6874e09ad2348b75a658d0099951f06c56e940f3bb2e81f7b9f510
SSDEEP

49152:RoXoz2acQhxIPZHhBVpKawLhKHAaTYGsXEuIm/MGBozhOhz1+Nw92flvMR5yNIjG:RoC2DQhxIPBXUYg0sX3T/fTXQf1YCoZo

Score

10^/10

flubot android banker discovery evasion infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0140d7fc370864a1c693dc4159cf656f27f89c7349827fdcd5cdc8218278b6f4.apk

Resource

android-x64-20220823-en

flubot banker infostealer trojan

android-10-x64

3 signatures

300 seconds

Behavioral task

behavioral2

Sample

0140d7fc370864a1c693dc4159cf656f27f89c7349827fdcd5cdc8218278b6f4.apk

Resource

android-x64-arm64-20220823-en

flubot banker discovery evasion infostealer trojan

android-11-x64

8 signatures

300 seconds

Behavioral task

behavioral3

Sample

0140d7fc370864a1c693dc4159cf656f27f89c7349827fdcd5cdc8218278b6f4.apk

Resource

android-x86-arm-20220823-en

flubot banker discovery evasion infostealer trojan

android-9-x86

7 signatures

300 seconds

Malware Config

Targets

- Target
  
  0140d7fc370864a1c693dc4159cf656f27f89c7349827fdcd5cdc8218278b6f4
- Size
  
  3.1MB
- MD5
  
  df5cce61f996ffd66a93aa74e43a475f
- SHA1
  
  e0ebf372b9c92ee5660a9d8f733b9b353299e5c3
- SHA256
  
  0140d7fc370864a1c693dc4159cf656f27f89c7349827fdcd5cdc8218278b6f4
- SHA512
  
  3426f36334e49c1c38f47a31f536c7b857f93dbae6036d1fadfdb7efe7b4d42020f4251d3b6874e09ad2348b75a658d0099951f06c56e940f3bb2e81f7b9f510
- SSDEEP
  
  49152:RoXoz2acQhxIPZHhBVpKawLhKHAaTYGsXEuIm/MGBozhOhz1+Nw92flvMR5yNIjG:RoC2DQhxIPBXUYg0sX3T/fTXQf1YCoZo
Score

10^/10

flubot banker infostealer trojan discovery evasion
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flubotbankerinfostealertrojan

behavioral2

flubotbankerdiscoveryevasioninfostealertrojan

behavioral3

flubotbankerdiscoveryevasioninfostealertrojan

© 2018-2024

Terms | Privacy