General

  • Target

    06dbf0e0bfab9f74c0744b8fe.exe

  • Size

    3.8MB

  • Sample

    230705-qpascseb4z

  • MD5

    0a296c35e1d7ac2c69cd62b3de246a19

  • SHA1

    9f941ba530d50b907257f9558697cd6ba1617f80

  • SHA256

    06dbf0e0bfab9f74c0744b8fe29bec1cf48171bce9df7ff56be34a62babf15d2

  • SHA512

    44e35b961022871e634d006e575a04c1a3b0cc7d0f07ba23dbdca64435a5aec635002fc701da5f02e6755eb773c5d01699ab8a304580700c74c3a2051e5fccca

  • SSDEEP

    98304:2QJ1CPm1vI5Pzb9p9UQs6/TO41SUEsKo9xOssKR1eXl1TDr2K:2QHLIvpXRbOCJ1qs8XvD2K

Malware Config

Targets

    • Target

      06dbf0e0bfab9f74c0744b8fe.exe

    • Size

      3.8MB

    • MD5

      0a296c35e1d7ac2c69cd62b3de246a19

    • SHA1

      9f941ba530d50b907257f9558697cd6ba1617f80

    • SHA256

      06dbf0e0bfab9f74c0744b8fe29bec1cf48171bce9df7ff56be34a62babf15d2

    • SHA512

      44e35b961022871e634d006e575a04c1a3b0cc7d0f07ba23dbdca64435a5aec635002fc701da5f02e6755eb773c5d01699ab8a304580700c74c3a2051e5fccca

    • SSDEEP

      98304:2QJ1CPm1vI5Pzb9p9UQs6/TO41SUEsKo9xOssKR1eXl1TDr2K:2QHLIvpXRbOCJ1qs8XvD2K

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs an executable file dropped onto the device during analysis.

    • Requests enabling of the accessibility settings.

    • Requests disabling of battery optimizations (often used to keep running unnoticed in the background).

    • Removes a system notification.

    • Uses crypto APIs (might try to encrypt user data).
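    The signatures above can be checked statically before detonation. The following is an added example (not the sandbox's own detection logic and not code from the sample): it looks for the same indicators in a decoded AndroidManifest.xml and in the dex string table, which is what a tool such as apktool or a dex string dump would give you. Despite the .exe file name, the behavioural tags and the dropped .js files point to an Android package, so the example assumes the sample was unpacked as an APK. The manifest, the string list and the package/class names are constructed for illustration and do not come from this sample; the permission and class identifiers themselves are the real Android/Dalvik names.

```python
import re
import xml.etree.ElementTree as ET

# Android XML namespace in Clark notation, which is how ElementTree exposes attributes.
ANDROID = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names and Dalvik class references behind the report's
# signatures. Grouping them into named indicators is this example's own choice.
A11Y_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
BATTERY_PERM = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
DYNAMIC_LOAD = re.compile(r"Ldalvik/system/(DexClassLoader|PathClassLoader|InMemoryDexClassLoader);")
CRYPTO_API = re.compile(r"Ljavax/crypto/(Cipher|spec/SecretKeySpec|spec/IvParameterSpec);")
NOTIF_CANCEL = re.compile(r"Landroid/app/NotificationManager;->cancel(All)?\(")


def manifest_indicators(manifest_xml: str) -> dict:
    """Manifest-level indicators: accessibility service, battery-optimization bypass, overlays."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # A service can only receive accessibility events if it is guarded by this permission.
    a11y = [s.get(ANDROID + "name") for s in root.iter("service")
            if s.get(ANDROID + "permission") == A11Y_PERM]
    return {
        "accessibility_service": a11y,
        "battery_optimization_bypass": BATTERY_PERM in perms,
        "overlay_permission": OVERLAY_PERM in perms,
    }


def string_indicators(dex_strings) -> dict:
    """Code-level indicators found in the dex string table (one string per entry)."""
    hits = {"dynamic_code_loading": [], "crypto_api": [], "notification_removal": []}
    for s in dex_strings:
        if DYNAMIC_LOAD.search(s):
            hits["dynamic_code_loading"].append(s)
        if CRYPTO_API.search(s):
            hits["crypto_api"].append(s)
        if NOTIF_CANCEL.search(s):
            hits["notification_removal"].append(s)
    return hits


def triage(manifest_xml: str, dex_strings) -> list:
    """Human-readable findings, one per indicator that fired; empty list for a clean sample."""
    m = manifest_indicators(manifest_xml)
    st = string_indicators(dex_strings)
    findings = []
    if m["accessibility_service"]:
        findings.append("accessibility service: " + ", ".join(m["accessibility_service"]))
    if m["battery_optimization_bypass"]:
        findings.append("requests disabling of battery optimizations")
    if m["overlay_permission"]:
        findings.append("requests overlay permission")
    for key, label in (("dynamic_code_loading", "loads Dex/Jar at runtime"),
                       ("crypto_api", "uses crypto APIs"),
                       ("notification_removal", "removes system notifications")):
        if st[key]:
            findings.append(f"{label}: {st[key][0]}")
    return findings


# Constructed inputs for the example (hypothetical package and class names, not from the sample).
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Parcel Tracker">
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""
SUSPICIOUS_STRINGS = [
    "Ldalvik/system/DexClassLoader;",
    "Ljavax/crypto/Cipher;",
    "Landroid/app/NotificationManager;->cancel(I)V",
    "/data/data/com.example.dropper/files/payload.jar",
]
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"><activity android:name=".MainActivity"/></application>
</manifest>"""
BENIGN_STRINGS = ["Landroid/app/Activity;", "Ljava/lang/String;"]

if __name__ == "__main__":
    for name, mx, ss in (("suspicious", SUSPICIOUS_MANIFEST, SUSPICIOUS_STRINGS),
                         ("benign", BENIGN_MANIFEST, BENIGN_STRINGS)):
        print(name, triage(mx, ss) or ["no indicators"])
```

    Each finding maps to one of the sandbox signatures listed above; none of them alone proves malice (legitimate accessibility apps and app stores trigger the first and fourth), but the combination of an accessibility service, a battery-optimization bypass and runtime Dex loading in an unsigned package is the profile worth escalating for dynamic analysis.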

    • Target

      CardViewController.js

    • Size

      6KB

    • MD5

      ddf8217937a55422d35c43220b849862

    • SHA1

      e027fb75401d33c18a6f54e6a4942b94abdfc616

    • SHA256

      43c4b5605490b161318cf49519357ce3088abedde4fb17ac18c9968ad18fe6a3

    • SHA512

      010c2fcde2317ce8a2355e6164c6d6be54b4cf2bac71cbf801ba73ea008dfaf97b46242a2585166508957b98ffad2efaebe5921cfe2ba4aec197a4fafd955525

    • SSDEEP

      96:z82mxeteP4VLA9xtxT2mHSTyS5fQsY0TPfp4ieY+xPm0bkG/glNFC4nXlQ3:wMteuSzy2S5fQGPfp1eY/pG/QC4nXl8

    Score
    1/10
    • Target

      CloudCardViewController.js

    • Size

      4KB

    • MD5

      93f02e9ebdafbd1b11d7d2f0c91fd56f

    • SHA1

      ca18e616c9456fd3ea42acbf6af863768f2c5e6f

    • SHA256

      eb4a032eb38894bf6ea3e7b26e767409af4a26bd0f9f1f9d7a9149e6fe3c326c

    • SHA512

      b6ea67387312b058938f1b751ab75da2bbb1d80842b60699a6a91288f9151946f24e4ec8f3d69d5240aa0b459238f5abd5f39fc694d54d18eeae25444e7516b3

    • SSDEEP

      96:HbbKzL1+4kVtvrGutIlpJtcbsmCg1HOKP8JLr8JuNGwTMry:6/dKkYjCfyYLrYyGA

    Score
    1/10
    • Target

      ImagesController.js

    • Size

      2KB

    • MD5

      162782ad9c857cbdebf8f68a76c51c96

    • SHA1

      c9f8338570427b9d4320c544143c7f6560e0a6c2

    • SHA256

      9a92ac4b16a0ba1fcc634c553febc9c8b73766c7f5d9773abca73fab22098ff0

    • SHA512

      4c47fa4f5b43326b9a893cefb6c6361ebcd071cb05682dfff2bbede1e9e434b2d6f6d50096ee49addabcb2aae2c7ad21484a600ebf8556a06064bb5b6f75e6db

    Score
    1/10
    • Target

      ImgViewController.js

    • Size

      6KB

    • MD5

      5f8bad69e86a6f8739b520188df8b5b3

    • SHA1

      f7367cbaaa5c9dd1901130dab0d4597396d7d237

    • SHA256

      7fb23b3ee8ccf6e36c039c8274a213e213198e1e71af92733e678cf63927ba3c

    • SHA512

      3489586d47c143d79c2dab143f29f1aae0dd17b0e66742841fd27ecca5d5258d820d47c69e3397a41e7b12d211615dc0be4a1d0d3425933597e222a88182ccb2

    • SSDEEP

      192:toUYXCRi2Yk5S+tlsqwt4+YMRwOu8eRGg+I6dSe:aURiLvTNlNR

    Score
    1/10
    • Target

      Template.js

    • Size

      15KB

    • MD5

      a68357d731497c0e5059373c88c77769

    • SHA1

      28ad7715c30fde813e1ce367dc4b9565c4fc881e

    • SHA256

      283dc95b7bee0df45b4183b9b7501033f3841503d83f9edfdf0e85a931cb1a13

    • SHA512

      30cd20d07995ed72c3291080b8c25669aa562dd153f6876573d0825e3bc897cd298843fbc4e0d0ea1725ed40a65c0102a90a4111f913fbaff425353406d4dc76

    • SSDEEP

      192:pdw4Xj8vKXrOSZRe17W1oXA4tvKXM+/1Cyc0bLyrAlN3X3:pdXz8yXrOkRY6f4tyXtZc0bLlN3n

    Score
    1/10
    • Target

      ViewController.js

    • Size

      5KB

    • MD5

      8e0a6e07535efe25c118594aa383e184

    • SHA1

      54068de5a4d74be8303b8eb154dac3c67847c8c2

    • SHA256

      5c4786d02891f18d3cdf2363a6749cf6f059ae01ef06ed9c4c2e97fe2642892a

    • SHA512

      e9f04c26a15ac912f7a34a91b28874299a212b033b6e7e87ee5549c8c930ee275427a5c69d2b6bcf51634324b2b989b76ccb6fa33de59223d46ccc8adf8eb251

    • SSDEEP

      96:cTtlfiN6aNwWPGW6L+DmVwWjpIY9eCYehSEwg4OP3ZQM+81kJcS2SSJYlyf59pXM:Mfi7NjF6VvFIecE1NvaaccS3WY2vZUJh

    Score
    1/10
    • Target

      android_utils.js

    • Size

      1KB

    • MD5

      b27898b6152f6827c80c5cef6b5b4139

    • SHA1

      84c718d9d1a63f59bb5c5c87be36d5f6df8e0eaa

    • SHA256

      c94e79136bbd729e1b24853d81b32c4c7f370e859a16e00db58adfe78d218fcb

    • SHA512

      4dcec06e2cc7c6ed11b2ab42221bc396b9846111dec015f8b4f369590d00206c98348e09a15e4a764f440d8a2cae8ad37997688f8e17bf9b5add7bf20f866245

    Score
    1/10
    • Target

      aps-mraid.js

    • Size

      10KB

    • MD5

      c1d55bdb635f731b069bb1063afb8f2d

    • SHA1

      61a36a2366aa7e1838b91427763cef6e3627bd05

    • SHA256

      82a9efb22e2d220f9d9b4c2fb959f99cc65726e476b0875425efc2d9d8461603

    • SHA512

      077d3475b19e3a6cfdce0615c010130d32c87229553d4580798b9122e2a39b2a19cc1a687c50c27643e549718fa4993a90c8dc76dd6aee79abff21c1a7e47c8f

    • SSDEEP

      192:KiCDJIp5LQHMHP2i69SyLMnbcXn4+r/MH8CGgVHGl2yxSWfVwDEX:KJ+vQHoP2i6XMnCjMcCGgVk2S3NH

    Score
    1/10
    • Target

      attachmentCardFactory.js

    • Size

      4KB

    • MD5

      581128baab7cf52c06eaf3a506292333

    • SHA1

      f608dc8461f86370e6a00f94c76a91a379e4d21c

    • SHA256

      5a771d1f96e4c96fdd62540f64f3253469d7f8be12e030d834e8c8814f830ae8

    • SHA512

      17591edfdccac026d0ffb60be700e75521119b70b5d8489278a790eaff88183b78575d40a224811b0ac28a662edf084e14f94d47f542db85dfda4b273080bdca

    • SSDEEP

      48:dM/H3111+wSFsShwfq8CU/mpOnIOemUKa2/mHIS/xF8YDXzrHZoT4wXiz36LxAcN:dM/EXnUuizemUKJuN8YDXPHZorXiaW0

    Score
    1/10
    • Target

      attachmentsController.js

    • Size

      12KB

    • MD5

      363c71a428fcbd8c849465703569a358

    • SHA1

      c8d27e21dc67a94209a67429afb12c4e338677b0

    • SHA256

      edecf1a6b0a5697d91a4e1777580cf9ce6377397daa93a18376542367cadbfdc

    • SHA512

      9cbefea630506818a80a6b7c260fa515fc8bebd491c20901e85ca0a1030671bce93ba687cffe613edb7a5987747efe56e8a9a23209ed41a8dd6f9e1175967543

    • SSDEEP

      192:P0W6whhj4Qo5NRgjX01oCPD21ziCF5/qem4+pJgvkdAXf9ziiigzXS8KggHdyx4V:P0W6uCQo/yp54gvkKziiBPKTR2SJ

    Score
    1/10
    • Target

      autoSaveController.js

    • Size

      1KB

    • MD5

      a79a7ae165f297a0f83adacd54d9406a

    • SHA1

      9ced7645af7480d6fd919f5e7b459914ea5dce0c

    • SHA256

      cc47dfc973e3ce803cb4fa408114b32a50dca1ca1f848f710e73083dbc6e3284

    • SHA512

      b2d120e01e290730b0d54c5c909be41a2fbcd6c6f5450ae83f7a86dd716c3b608a6e731dfd08cbd2a0a1804bc76e57f49dade42caf10e7f7299d8d63a86607eb

    Score
    1/10
    • Target

      ccBccFromSummaryFieldController.js

    • Size

      4KB

    • MD5

      0dcb03b4a5823e2b22314e0865ad4411

    • SHA1

      1f5645b5912f60174438378c804aaa3dea858687

    • SHA256

      3ecc8fddbc45f8c632d09a2a6a5707403fea6771f80058219d35db0aed407b62

    • SHA512

      e470b44db17e4696e148f4bb6bb6a5705b88ab70e46319117baa31c22ca6975821300ccd4f852c34fa68283c0253d6ee8d0fa695d27034c4a95e742e0a98d525

    • SSDEEP

      96:d9VynbUs8EMn5p8RJVst9MMV536eaf1PUOUnXzTPdE:dC6p6eaf1P3gXzjdE

    Score
    1/10
    • Target

      composeContentFocusController.js

    • Size

      7KB

    • MD5

      4aeedcb1b612944859317ba99e5fa44b

    • SHA1

      69c83cdd30eceb650fe85b20f3ed3f1506aee720

    • SHA256

      b04907cd7199539295b0bfd16959173f57a357c1b594eb6d9a6162cdaab39a3a

    • SHA512

      c2ad7592090800b483a867b1977de2abb875cd21e5f3fae60c780510e830ac7d6d9059a8a18ce609ae4be26ec7f46e09665b5ccd92a56072116b596105beac29

    • SSDEEP

      192:PGwJm56Jz6ei33tDBf/9OVhwkWcYh58SCxY:526JOBtpEavXJ

    Score
    1/10
    • Target

      composer.html

    • Size

      13KB

    • MD5

      1023ad498f59e13bfeca0c7fbebeea52

    • SHA1

      6260356b214f66218f9ca43ecad84cd0c27995c2

    • SHA256

      d0517bb25ed43dc2056ad3d913f103c42d3fa4fa246415b5c1fdae777f021c2e

    • SHA512

      8c8e3b96d0c5399e0152e57ed9589cd794aae6b32e4df11aad41ce3051d5105623a9e6fe3a38aa2c0127ec3d30b65cbc0e889b01885423dc2bbbc28945649462

    • SSDEEP

      96:ajjiRgkTwNIvxoeRI6LTfWYry9uLF3ztrqwM51IB8jFuSIr0ybDp:c+RgS1vry9uZtrq37IB8jFuSybN

    Score
    1/10
    • Target

      composer.js

    • Size

      17KB

    • MD5

      9e18f65c7042db6ce3b1f98c40a8cdaf

    • SHA1

      b574082a3e50f11db8b06bcbcfdb27ae0cff8e7e

    • SHA256

      69f8a69df5ab97aaa947137d93ef20ac1dc4ec725e7611ed772f17ec620c8df8

    • SHA512

      2ce1f489b961a4895f7f3f0d11f6a1f9dee52c34bf3544184bbebb0ff7546ee8d5c05b52208870a82814f09f72697492fc5cc350db202e2857d5897007aa769b

    • SSDEEP

      384:BOmUDWYhIW/6I/K8DLTj+wj5e6UV6HqLzffPl/:BOmUDWYhIW/6I/K8DLTj+wj5e6UzHPZ

    Score
    1/10

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
7/10

behavioral1

flubot banker evasion infostealer ransomware trojan
Score
10/10

behavioral2

flubot banker infostealer ransomware trojan
Score
10/10

behavioral3

flubot banker evasion infostealer ransomware trojan
Score
10/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10