flubot | bbe7f3bc15429196cc01935295ff6a7867b2fc501d1896b01afe62fbce2ed314 | Triage

Sharing

General

Target

bbe7f3bc15429196cc01935295ff6a7867b2fc501d1896b01afe62fbce2ed314.bin
Size

3.6MB
Sample

230731-xhgewsad75
MD5

5b38cb30eb591eeefd6893b0ec04d44b
SHA1

668c2bb8cb3d3aa9520c90b85cfb33becb2b3aea
SHA256

bbe7f3bc15429196cc01935295ff6a7867b2fc501d1896b01afe62fbce2ed314
SHA512

03602474872b49d22370db4eace3374c7f5a726ac128400ab1ec1df89af40a48d33427d9bf6b3bafbea5f1724b1b4f008c2010ac1a8b6c88a99f0c8b1678a4ca
SSDEEP

98304:9UrPJfylp4QhegEGmJHgi3nheMSQXl7rXdLdO5e3W3Y:9dlSQhegAXHDZOs3J

Score

10^/10

flubot android banker discovery infostealer trojan

Malware Config

Targets

- Target
  
  bbe7f3bc15429196cc01935295ff6a7867b2fc501d1896b01afe62fbce2ed314.bin
- Size
  
  3.6MB
- MD5
  
  5b38cb30eb591eeefd6893b0ec04d44b
- SHA1
  
  668c2bb8cb3d3aa9520c90b85cfb33becb2b3aea
- SHA256
  
  bbe7f3bc15429196cc01935295ff6a7867b2fc501d1896b01afe62fbce2ed314
- SHA512
  
  03602474872b49d22370db4eace3374c7f5a726ac128400ab1ec1df89af40a48d33427d9bf6b3bafbea5f1724b1b4f008c2010ac1a8b6c88a99f0c8b1678a4ca
- SSDEEP
  
  98304:9UrPJfylp4QhegEGmJHgi3nheMSQXl7rXdLdO5e3W3Y:9dlSQhegAXHDZOs3J
Score

10^/10

flubot banker discovery infostealer trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3
- Target
  
  appboy-html-in-app-message-javascript-component.js
- Size
  
  3KB
- MD5
  
  c12d3758fa172a40a1975cdb1f5669ac
- SHA1
  
  24c2a69c30703f3362b9b68d933f49dc681803fc
- SHA256
  
  bd5646863645108b6314045a3da03c30f0d6accf570a4bd42ce74949e1ef91df
- SHA512
  
  147106472163751dd156bf06b3bc70389c104fe4a43c06dfbd8e1398d929c752673238e78c007d01cbb7c66ae41098256618980662643123dd46ccb29efc5f9d
Score

1^/10
behavioral4 behavioral5
- Target
  
  shape_1.svg
- Size
  
  471B
- MD5
  
  d088bfa4b1e206c8c5ed88405855f767
- SHA1
  
  1cc0925ff6a38384f466560cc86b1afcadbeb15c
- SHA256
  
  2f7924e1f2537622b8617a051765bd4fe57272e9f14a37f4bbe127269c522434
- SHA512
  
  d1ceda7c098a5934f1808d9b89bcb7fa8809a1f084e915ea0c12ee9070b854ae9d625eaccee3af3db5d50a07438eeb346b01ea73463fe5e34b988a7663321b79
Score

3^/10
behavioral6 behavioral7
- Target
  
  shape_10.svg
- Size
  
  930B
- MD5
  
  5c7ef87056ccf6f4d25c2f3a6e1af143
- SHA1
  
  8537d7a037046679fad99e67289c5685d4038aed
- SHA256
  
  910edd6d58c0eeebc562a7c6834735d9ede684a8f2b21505245a56d1bf783d92
- SHA512
  
  ef40e245883ac049e6ffa3338bee672921d266f332e919cfe2de7d002174ad1f93da0081f226df787a88db7fea9ed0660785a2e495c08871b9a9592c5cc2bfce
Score

3^/10
behavioral8 behavioral9
- Target
  
  shape_11.svg
- Size
  
  3KB
- MD5
  
  e41a669c3e6eb43159445b88bfa1a7b1
- SHA1
  
  ff4e96f609a5c54a7862cecf34c2a79b04201d84
- SHA256
  
  793f5fb7b34460a778bf61729997379c1d5aa95d86c8a54150b667d4ca4ff695
- SHA512
  
  5e2839dee1a1e3c317582bb168c4cdf9a149f4a6185d2bdc631ca4f1f0fd5749540198c58b14bc48fb167e457501d0b5ab068118c1f341628c17547a84c6b81b
Score

3^/10
behavioral10 behavioral11
- Target
  
  shape_12.svg
- Size
  
  830B
- MD5
  
  e2de6b0a89c9e1d174f0cc25817d6932
- SHA1
  
  18bb110359c6fb3437f5b88f883f768718da3a21
- SHA256
  
  fda624f0337792f76df93c9f92e8bc426caf8d145146886477abf187c2d02f04
- SHA512
  
  b239dbc451ac54a01ebca23bce47854f519f0b112ee8367e1ff87c131fad049fee0c30f9d3f226e1b17e14b402bd3e0bfeaa60579db0d7bd075029b4546b09ae
Score

3^/10
behavioral12 behavioral13
- Target
  
  shape_13.svg
- Size
  
  1KB
- MD5
  
  3d0fd8a7b5d1aef37b6b2e20a27d8d94
- SHA1
  
  7ee637b68488986b51407cc319712116448ad06d
- SHA256
  
  5320b7999caaaa9e05d79c74863410ddb380bae762fb8772e27c16faecfeae60
- SHA512
  
  40bfea038ee934be19cf30360e2f6474386a9e7a4a84d4c363376ff73d661a22d54385bdbaddebf912c7dc35e4cef4ce03bbf3b7aca9e5bf30f91e658ed16313
Score

3^/10
behavioral14 behavioral15
- Target
  
  shape_14.svg
- Size
  
  1KB
- MD5
  
  033e166967c07c7cccb48d0275999169
- SHA1
  
  196dcf6448debc7d07953ea135dc0355688b1f52
- SHA256
  
  9676be618dc9a87f88e46a92014e554c4153b1f9ad97d185ec9e3dbec92ecb78
- SHA512
  
  933685c1ea659cad93e0c6c5cceffb6a1f05d201302b35e0aadfa714a4870c16d05ff4732b22d4499cb0885ee8aef263fa7ea0eefebcc6fc79c529f494eb484a
Score

3^/10
behavioral16 behavioral17
- Target
  
  shape_15.svg
- Size
  
  818B
- MD5
  
  a9146c399e0bf45c006eef5326d5e2b7
- SHA1
  
  f7a9111db0c8aae6632d9bd80f07b1669bf12389
- SHA256
  
  ee03c61de487becbb8c3288728e4a35fce048b1f8aec4ba3bb65dd61e92693b6
- SHA512
  
  ab12870b53f66af028fb71b234274c924aabc0349637bcb5c37681a3d8dcb06ff8aec627650cf1671b7e808d11987107832a5b3fda19d46ab8a2d9459c2351f4
Score

1^/10
behavioral18 behavioral19
- Target
  
  shape_16.svg
- Size
  
  1KB
- MD5
  
  d071555e770aa899a60ec89d524231f6
- SHA1
  
  d12e7658da72e21b2447a0ab017f45f45bc27afe
- SHA256
  
  d808488d2ce5c294a551dd6cab016c098f87fe5025ca4737d60e76cd391ccf12
- SHA512
  
  02190ef1bc3823fe84d79b147dc8c16ef66325175a798178324b44ca114a12a0601d5717f25f0df7219e0406528a070d6b6a10793a4c51dd461eb1fefe0cfa51
Score

3^/10
behavioral20 behavioral21
- Target
  
  shape_17.svg
- Size
  
  1KB
- MD5
  
  4eec7819cf526dc5a0ad47c4551a930a
- SHA1
  
  be218f9d9f010eaba1e97ec2b9aae39b913e4d8b
- SHA256
  
  df496ff50b4c05b3f18cba321d0e54c6baad4a05e4b68e6bd2c15c563b4ad101
- SHA512
  
  bd8497da284d26598bc6b25c2268d9651f6250bf0c26e3c96041fb1e8adc8f896dce19cc4ddffd5dcb68cc0fa2d49db853ed5cfecceefbf8bb6b18145e73054e
Score

3^/10
behavioral22 behavioral23
- Target
  
  shape_18.svg
- Size
  
  1KB
- MD5
  
  03bea92b5a80210f73284dca552a783e
- SHA1
  
  6d8c76be2d7ca6d15e7e89f9cc432866173a8b43
- SHA256
  
  cd185d4a912dd849f434d07505a9af77ddd98e2b5d7d2a40a3061dd2b12978a3
- SHA512
  
  91bbee4dfc04ee1e8875f6213fec804ffc0a4d8ce584df2eb8191b90a6d1f76685a8c3bbcf15befdd4b71847a299d5f292f079b09a7c3ae8b94af8deb83a81d7
Score

3^/10
behavioral24 behavioral25
- Target
  
  shape_19.svg
- Size
  
  1KB
- MD5
  
  2c984aa72078254a59641ba4f07bba84
- SHA1
  
  b678fa206605d2ab07e66190666223e281d90a08
- SHA256
  
  642683939e77b6559a286a2043aa90b44a4a535e63040dee16dcb9367c65a624
- SHA512
  
  2d5d256beae6a7b4f3f85db237593cd0e5616f0989dc85ec679c249cd949be50b05114ce6f3e24ba0c831102567168a40a25158ed407e85d1e5f7de91a016443
Score

3^/10
behavioral26 behavioral27
- Target
  
  shape_2.svg
- Size
  
  1KB
- MD5
  
  f804c3c0fc87fae049b25a827c8af161
- SHA1
  
  445ad3b8c8d54a5ef32b25289d76907b4d32c9a2
- SHA256
  
  f51e36583711e18097f4526a3303cec7efa3609f96c8051a5eb4ad0c003abdab
- SHA512
  
  bdded52d78a6dfd4dd37327a752aef85cb9235a03702fec858696643b5d884970e3896b737dc1f894888ae6bc4e5b8ea2bfb7822b3ecfa87e34a7f25ffb33cc7
Score

3^/10
behavioral28 behavioral29
- Target
  
  shape_20.svg
- Size
  
  3KB
- MD5
  
  f5435cbc7107f6ca5ced160662cf7e4c
- SHA1
  
  6c57386e93e4b427f372d79d895e8448c773d505
- SHA256
  
  a6c337992c71d6b3910c6f3f5dbb9ef071e70df9f5d639ffd275ba3bbc7678c8
- SHA512
  
  729cda9e7174f2d183bfd38ed9a9cf7a81e21901e2a975dc84b53589d68fc466ec97de03a089346da8b464778ef73342467b3e55e544dbceb91cbfa8cda1e5ec
Score

3^/10
behavioral30 behavioral31
- Target
  
  shape_21.svg
- Size
  
  2KB
- MD5
  
  37690f00271a0ff1a0fbca284d53a6e3
- SHA1
  
  b81ff382620c4b4c8fbaa4dfd0f2c80d54f2ece8
- SHA256
  
  2353646e97606fdc63fe94f6ed28cea42e911bfc5a57777cf48268fecf5389f4
- SHA512
  
  a9a37ae837896d80f0c0a00fb94bcacb7be599790054b7a2e9ed833de1c8d4774d8593816420169257868ce4f8bfff11b567d6f12319de2c01876b550002be9d
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flubotbankerdiscoveryinfostealertrojan

behavioral2

flubotbankerinfostealertrojan

behavioral3

flubotbankerinfostealertrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32