flubot

Sharing

Copy URL

Twitter E-mail

General

Target

base.apk
Size

3.3MB
Sample

230612-h8ypjabe91
MD5

15328ea6d31bef8ddd15a81e0f5a549b
SHA1

c52f12651d91a9bf0d625a879b34d194eba69ed4
SHA256

a778818cc08d213d1f66db5fa8b34aabc862569ecb99fd1aea37ff6ccab48400
SHA512

5939a527d289315ff6d354bbd6e834ae9b3f452aebc54114a0fb46cb5422e5537ff0592aa62fbd20d753162f6a3ae56cfd97c4320613d1377a9b5a7d6a525336
SSDEEP

49152:qLzu436uB6iejEyNRe1kqqGI18iNwDelhcTUr4T1S0NwBbGJ3H5+ELr42SKn2IQI:qHuKB6BzReWqqGWNN8g4ETBaJ7n2Izl

Score

10^/10

Malware Config

Targets

- Target
  
  base.apk
- Size
  
  3.3MB
- MD5
  
  15328ea6d31bef8ddd15a81e0f5a549b
- SHA1
  
  c52f12651d91a9bf0d625a879b34d194eba69ed4
- SHA256
  
  a778818cc08d213d1f66db5fa8b34aabc862569ecb99fd1aea37ff6ccab48400
- SHA512
  
  5939a527d289315ff6d354bbd6e834ae9b3f452aebc54114a0fb46cb5422e5537ff0592aa62fbd20d753162f6a3ae56cfd97c4320613d1377a9b5a7d6a525336
- SSDEEP
  
  49152:qLzu436uB6iejEyNRe1kqqGI18iNwDelhcTUr4T1S0NwBbGJ3H5+ELr42SKn2IQI:qHuKB6BzReWqqGWNN8g4ETBaJ7n2Izl
Score

10^/10

flubot banker discovery evasion infostealer trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3
- Target
  
  Zw6IGlco.ppt
- Size
  
  858KB
- MD5
  
  8148fdd8a42ed51a318d6171f8b27109
- SHA1
  
  65b324c70264c6b8442601c74bc0755e70b9768c
- SHA256
  
  eff54ee3e4c42998b978e3ad85f08f6ca5b03836ea56d76d7cacfe0906fec0a4
- SHA512
  
  f0518d0e17c2855bec41d1b5767755edd6fd6c747da741e78a8351b7e8e0de8c7b9f80ff44dea8289557fee35da3de5e0101310ca9a2998922be94dfebf22c7a
- SSDEEP
  
  24576:IQbHPVatL2naYSfu5rC+/sQsuAP2//IZJ:IQbHPjEu5rCYsQBBIX
Score

1^/10
behavioral4 behavioral5
- Target
  
  license-ru.html
- Size
  
  34KB
- MD5
  
  ac6e15df193c7135c916f85fd48afecd
- SHA1
  
  bc11e538662c15a478b3cbf8cbf0873b8f19ec9e
- SHA256
  
  a1b20292621b8ba67ddfb61802bd12bade68f6b930ac6ad61e89c047a1f91c22
- SHA512
  
  bcd3d439b0b25ba3de815f00ff92bf3545578d90d53adacc2b272b60ee8bf3d65e460d87fbdc56eec32344d8be567b1f7384fb9c8b0934b24cec39ce05b7c8e1
- SSDEEP
  
  384:8JF/uQenaw/h+pMNbK+v5AKVjZI89GThAKJPrLqCu2WVgqxk/d1NDlCPjOB4WUen:4e9hDbE4nGThAUTDmI4WUE8Z+
Score

1^/10
behavioral6 behavioral7
- Target
  
  license.html
- Size
  
  18KB
- MD5
  
  57d40cdb2111f13e40a7c92af27d27b4
- SHA1
  
  27f72955eb424eef52715ccbde22d1cb5b23f622
- SHA256
  
  7dda06156acbe260754bf5cb0ff2acce418c4b2a7ddf4176fb4e2c892dd85ebc
- SHA512
  
  8fa42a10812c9ef10327caf5d8b618cda0bfdcf477f7914e8448175024cbcde7ae1a5ac47eb3e1d4500ad1cb7e904a22e97c2e1956aa274182753927cddf5b0a
- SSDEEP
  
  384:CwQfL6d89D4eefdN7aEGJ6Eyz6h9rx3pc/:Vo6d5eMdNbxEyaJTc/
Score

1^/10
behavioral8 behavioral9
- Target
  
  UserDict.pyc
- Size
  
  11KB
- MD5
  
  efcbe1f3ba66174c7498b9d02b74c84c
- SHA1
  
  dbe94d3516b2b179124dbb7db5fa6241c3e6045c
- SHA256
  
  94dd9035bc81842df7e50550da82db7bcf3d2786387c34bca660e0836d67e9b3
- SHA512
  
  b3133caccd23b2598a10e38d08b5338426b2bd4488f984841535dd8802054619690b7763e1c38c5a61e9de1f7d15543fb0da6d91672256649022f3aa858d510d
- SSDEEP
  
  192:rhktDonbVYqbaighlUFLynIxNaHH28fbKHO0uo9DIKJq70KZEJ4blivYbi5+SH5P:3nbOqbaiAqFLynIxNanBfOO0uoaKJq7G
Score

3^/10
behavioral10 behavioral11
- Target
  
  _abcoll.pyc
- Size
  
  30KB
- MD5
  
  fc3696b4a60393354be0558f3e838074
- SHA1
  
  14a52a71d9fd9730fd80225d6cb35b2da34aafd0
- SHA256
  
  10303f6affdd674dfefe3b5e97c165d0d50218ec0a377f70c2887b76afad4183
- SHA512
  
  8814525e1b5b252949621c5a935b534a47a18b34a1269161f8ebb1be6648d31f9abb515ab632f9cc3676b9433a8c30d6d211cab9b665257a80dde9643750163b
- SSDEEP
  
  384:j6s8jgb7ZNW7dh8fZimJ2vlfwqqS0H/DExQ4AME6Tkc:j6s8EZNyOZimEvOqqS0HivE6Tkc
Score

3^/10
behavioral12 behavioral13
- Target
  
  _sysconfigdata.pyc
- Size
  
  20KB
- MD5
  
  934699af3b14cb5c632aefc2d86cb3b7
- SHA1
  
  3ee3e6cadba5e72a6686e22b8a71d0000373f50e
- SHA256
  
  046cc6eb5e2b675e6114962743d423e52f14c931ea35e7e117710251cc177dbf
- SHA512
  
  f6ea4b0412e13cac50c820969501ba23192c9dd06066005db8dc9a63af9cd36b187e189e9a4f5dd66872d5661d38210a69a00f0893d729f84b5c993b35b6783c
- SSDEEP
  
  384:f6KrM1y5Nz+bEtkjoLHvPWUS85cDWzy9uIu4JiyBK125Fk8Z:fvcm+bAAWzy9ux4JQg5PZ
Score

3^/10
behavioral14 behavioral15
- Target
  
  _weakrefset.pyc
- Size
  
  11KB
- MD5
  
  685d4aaf13a4f2bb43bec6340f853fa2
- SHA1
  
  2cbbad3829a7ecb101e1fe58e34b8651bc153389
- SHA256
  
  ac2dfa51d2edb55548f68ac15279b9e09944dda301478e2bb533e7948ed6187c
- SHA512
  
  76dcca6e3b7f93155bdbac2f5f94878b710de381c5732e64ef6432f7d709d111640868ea37d70400c4805cbf65289d18a88885f446cb7a25c110cecfa652b4d2
- SSDEEP
  
  192:s+2JxBMBSmGt2ob/rxBZ9qpa/awsHXqe11ZFKFbnaJ6My:Pofm5ojd9H/gHaoZQbgXy
Score

3^/10
behavioral16 behavioral17
- Target
  
  abc.pyc
- Size
  
  6KB
- MD5
  
  77d1073653635e1d64467985019e2804
- SHA1
  
  63b8f4bdcc9b62736cdb7bb4db232e1a778dd244
- SHA256
  
  6c147d0976c7e7333ec9bc7a37e5191a602b10775bed9543cea99a4b8b08a747
- SHA512
  
  d00fc86e19194dcd781a9ab18cf34e008d3fedc9584a87459b64aacfea83a2e97660763a5d34c526800266d8588c85d4118ed4eb3432eea0840faa676591a7cc
- SSDEEP
  
  96:l8Cx06+SenQH/0x0CenQ9ZY6kj152Hvk2aqNonSmfcTxj+k6zB+BELfwLt2C2te:62+xf8152Pk2aioXfcMVyt22
Score

3^/10
behavioral18 behavioral19
- Target
  
  copy_reg.pyc
- Size
  
  5KB
- MD5
  
  9131bcc5ebe103546f257340d46bea53
- SHA1
  
  2d7bbbc8d3e7095cfebebe27ac2d9bc20acb37ef
- SHA256
  
  aa95b3eae84b84e3cf63f65737b120aa69394bc8f91d7a6a0e11fb56da12aee0
- SHA512
  
  1a5223abb04f73df775692a43e16bed606daf3736b75ccdeaf90e898a3856c5723878b7b492e19a1858844280bd9cbdab1bbea1af581a003ac0e515a3b78eb5e
- SSDEEP
  
  96:U1EMLsP6SyZ2Ozlye0mpiMzkWaIoB0jkvfq1Td2wLHKnT4mIT2zHCTLRaLfhb:BcsCBDv1oRnmjYfe2SHKnT4mA2zHCTLW
Score

3^/10
behavioral20 behavioral21
- Target
  
  genericpath.pyc
- Size
  
  3KB
- MD5
  
  9218a22bb71073ba455b83f245af3893
- SHA1
  
  04f6e152e228035575ac3a8ce950595d5f96e0f4
- SHA256
  
  89a30b8bcf984d0d5538e086c2e5e76f9683d0d87c711a8fb4389331d4342807
- SHA512
  
  2518d77e3d37621875768e42818c1051629fbbd0be1f213881843695f910c054dbf1cd040c855fec361f68308aa057d10a8e7efc3ac56d3664e4e812695f9e81
Score

3^/10
behavioral22 behavioral23
- Target
  
  linecache.pyc
- Size
  
  3KB
- MD5
  
  749ac324b80b41cc7c03720abc918cac
- SHA1
  
  eae24d0aeca6f66b6233e7cb3d4b7186739be29b
- SHA256
  
  fc55d0442cdf69c8762a30a66ee7231be46c5dcae3bb81177062732857d0292c
- SHA512
  
  208ed9e0070bbb791dbf255b143428c6fb2ae710fd813b10a80fa6f6c3f8bd3d55caf684db444992192751677ae0033f0444e3b0e1475ce30d9d73cad6eb2596
Score

3^/10
behavioral24 behavioral25
- Target
  
  os.pyc
- Size
  
  27KB
- MD5
  
  d845a1698a5e4a9a3992ca514b924a52
- SHA1
  
  daef45b912f6ebc4d7d6d2d1ed7234b1f7769954
- SHA256
  
  ec16d78fff77115582630db2aa0167617e5e490785f634172e9570f014322f3c
- SHA512
  
  5a8ba0a5c0b45812b35d3546b5c3fbc48b445aee32089417e261d3ddfea508d3df7b3536c11d662d6993a6fb09de4d234b1b1896a810da0d2d60cfc1edb9942b
- SSDEEP
  
  768:BCa184aJH8ys0lG5ufiMq+7KTLrLjL1LDL3LnLnLcyW0t:oaeJH8ysAiMq+7K1Nt
Score

3^/10
behavioral26 behavioral27
- Target
  
  posixpath.pyc
- Size
  
  12KB
- MD5
  
  3795e4cbeec84cbd8b1073bf98cf01ac
- SHA1
  
  cbe1148996ae54fdc2a873a114fd79f40da8dcd8
- SHA256
  
  f17b70ec5fa6535961486cf601a3a1ea6e89f695c8ffe38d7fc7b128a1835386
- SHA512
  
  d7f768a1820f37ec44835ab25b405ec84567be6e0547f99ed5ea66c9ec75fcabbf554311f1888181a024709389c4bc9d1a6dac4b5c17149def73c43ed672be18
- SSDEEP
  
  384:Oo+731JjMvXW7c+XaXzFJM+7ciCYrdZPAzPLEgcv:Oo837jGXqc+XaXzFJMwciLU0ge
Score

3^/10
behavioral28 behavioral29
- Target
  
  re.pyc
- Size
  
  14KB
- MD5
  
  c4c8225af08a68323823b7323f15f117
- SHA1
  
  a57deabed7a661d59350b5692095db9d12a0c709
- SHA256
  
  4266137f82d1bf4c1b0d20d9ea0d45ba8f1aa6fca15140fe30fd0dd99d6ff21e
- SHA512
  
  42ae0fb234c13a8e1f73f72c030d2585b0e062ba1b33d8743db2aa1e415b79c26bd6c687f56f8de88747ed6c090c07b723e47caa0225507609e7bf3315e0bb72
- SSDEEP
  
  192:dLhuPG2DARzAuXTCQL5rPb+mPNGL6R/UX8tcFfesWtGAsZCNe7Ms:nuPjDssWPSIMX8tYfepGr1
Score

3^/10
behavioral30 behavioral31
- Target
  
  site.pyc
- Size
  
  20KB
- MD5
  
  da415177f27719df853538683867092c
- SHA1
  
  316afbd9219b195074fe3e211752908385c7c11c
- SHA256
  
  0c7c594e3a7008840c9d25ac0eaeb6f8dd1c3b4467d6851dbdc790c88ac96463
- SHA512
  
  9ab1ba6b662b794b9b0b06839a8d4cf51f7ef00487c34ce1d746fa915eed05fbddbb51c99cc6b138925444dfbdbb638d8b3f7dadaa3993a1285a4dddfc142e18
- SSDEEP
  
  384:Sl8YYllwXc9U8uMNC9yLSt298mLIBRCw4JmtqSUn7Q8kRU4mnE6B:NllAafuMw4GRsIBRC1Fnn0LWXnE6B
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Scanning

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

FluBot payload

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Requests enabling of the accessibility settings.

Creates a large amount of network flows

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32