General

  • Target

    6f740ba69a5020a316d67e0341179ad03f9820fdde6501591255e9e98b06c0ae.bin

  • Size

    4.1MB

  • Sample

    230906-1xhhaacb81

  • MD5

    c7eedb71b543a24908b74b5f9e3894d4

  • SHA1

    c080c3595c9337eb15a122e0fdd9776ee38cb347

  • SHA256

    6f740ba69a5020a316d67e0341179ad03f9820fdde6501591255e9e98b06c0ae

  • SHA512

    0c11b479fcf5914658796575674f867699a39d7b092862e5b460f7b239c005fb09954377bfbf7952a0f13f9112940193f31bf2241000d782cc5bcfc504fb93c1

  • SSDEEP

    98304:ixsR3c4OlEK4Sg7FJDEM2pHGRzUEWoMd0e4:iyJjKlpHPoMdP4

Malware Config

Targets

    • Target

      6f740ba69a5020a316d67e0341179ad03f9820fdde6501591255e9e98b06c0ae.bin

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Uses Crypto APIs (Might try to encrypt user data).

    • Target

      license-ru.html

    • Size

      34KB

    • MD5

      ac6e15df193c7135c916f85fd48afecd

    • SHA1

      bc11e538662c15a478b3cbf8cbf0873b8f19ec9e

    • SHA256

      a1b20292621b8ba67ddfb61802bd12bade68f6b930ac6ad61e89c047a1f91c22

    • SHA512

      bcd3d439b0b25ba3de815f00ff92bf3545578d90d53adacc2b272b60ee8bf3d65e460d87fbdc56eec32344d8be567b1f7384fb9c8b0934b24cec39ce05b7c8e1

    • SSDEEP

      384:8JF/uQenaw/h+pMNbK+v5AKVjZI89GThAKJPrLqCu2WVgqxk/d1NDlCPjOB4WUen:4e9hDbE4nGThAUTDmI4WUE8Z+

    Score
    1/10
    • Target

      license.html

    • Size

      18KB

    • MD5

      57d40cdb2111f13e40a7c92af27d27b4

    • SHA1

      27f72955eb424eef52715ccbde22d1cb5b23f622

    • SHA256

      7dda06156acbe260754bf5cb0ff2acce418c4b2a7ddf4176fb4e2c892dd85ebc

    • SHA512

      8fa42a10812c9ef10327caf5d8b618cda0bfdcf477f7914e8448175024cbcde7ae1a5ac47eb3e1d4500ad1cb7e904a22e97c2e1956aa274182753927cddf5b0a

    • SSDEEP

      384:CwQfL6d89D4eefdN7aEGJ6Eyz6h9rx3pc/:Vo6d5eMdNbxEyaJTc/

    Score
    1/10
    • Target

      UserDict.pyc

    • Size

      11KB

    • MD5

      efcbe1f3ba66174c7498b9d02b74c84c

    • SHA1

      dbe94d3516b2b179124dbb7db5fa6241c3e6045c

    • SHA256

      94dd9035bc81842df7e50550da82db7bcf3d2786387c34bca660e0836d67e9b3

    • SHA512

      b3133caccd23b2598a10e38d08b5338426b2bd4488f984841535dd8802054619690b7763e1c38c5a61e9de1f7d15543fb0da6d91672256649022f3aa858d510d

    • SSDEEP

      192:rhktDonbVYqbaighlUFLynIxNaHH28fbKHO0uo9DIKJq70KZEJ4blivYbi5+SH5P:3nbOqbaiAqFLynIxNanBfOO0uoaKJq7G

    Score
    5/10
    • Drops file in System32 directory

    • Target

      _abcoll.pyc

    • Size

      30KB

    • MD5

      fc3696b4a60393354be0558f3e838074

    • SHA1

      14a52a71d9fd9730fd80225d6cb35b2da34aafd0

    • SHA256

      10303f6affdd674dfefe3b5e97c165d0d50218ec0a377f70c2887b76afad4183

    • SHA512

      8814525e1b5b252949621c5a935b534a47a18b34a1269161f8ebb1be6648d31f9abb515ab632f9cc3676b9433a8c30d6d211cab9b665257a80dde9643750163b

    • SSDEEP

      384:j6s8jgb7ZNW7dh8fZimJ2vlfwqqS0H/DExQ4AME6Tkc:j6s8EZNyOZimEvOqqS0HivE6Tkc

    Score
    3/10
    • Target

      _sysconfigdata.pyc

    • Size

      20KB

    • MD5

      934699af3b14cb5c632aefc2d86cb3b7

    • SHA1

      3ee3e6cadba5e72a6686e22b8a71d0000373f50e

    • SHA256

      046cc6eb5e2b675e6114962743d423e52f14c931ea35e7e117710251cc177dbf

    • SHA512

      f6ea4b0412e13cac50c820969501ba23192c9dd06066005db8dc9a63af9cd36b187e189e9a4f5dd66872d5661d38210a69a00f0893d729f84b5c993b35b6783c

    • SSDEEP

      384:f6KrM1y5Nz+bEtkjoLHvPWUS85cDWzy9uIu4JiyBK125Fk8Z:fvcm+bAAWzy9ux4JQg5PZ

    Score
    3/10
    • Target

      _weakrefset.pyc

    • Size

      11KB

    • MD5

      685d4aaf13a4f2bb43bec6340f853fa2

    • SHA1

      2cbbad3829a7ecb101e1fe58e34b8651bc153389

    • SHA256

      ac2dfa51d2edb55548f68ac15279b9e09944dda301478e2bb533e7948ed6187c

    • SHA512

      76dcca6e3b7f93155bdbac2f5f94878b710de381c5732e64ef6432f7d709d111640868ea37d70400c4805cbf65289d18a88885f446cb7a25c110cecfa652b4d2

    • SSDEEP

      192:s+2JxBMBSmGt2ob/rxBZ9qpa/awsHXqe11ZFKFbnaJ6My:Pofm5ojd9H/gHaoZQbgXy

    Score
    3/10
    • Target

      abc.pyc

    • Size

      6KB

    • MD5

      77d1073653635e1d64467985019e2804

    • SHA1

      63b8f4bdcc9b62736cdb7bb4db232e1a778dd244

    • SHA256

      6c147d0976c7e7333ec9bc7a37e5191a602b10775bed9543cea99a4b8b08a747

    • SHA512

      d00fc86e19194dcd781a9ab18cf34e008d3fedc9584a87459b64aacfea83a2e97660763a5d34c526800266d8588c85d4118ed4eb3432eea0840faa676591a7cc

    • SSDEEP

      96:l8Cx06+SenQH/0x0CenQ9ZY6kj152Hvk2aqNonSmfcTxj+k6zB+BELfwLt2C2te:62+xf8152Pk2aioXfcMVyt22

    Score
    3/10
    • Target

      copy_reg.pyc

    • Size

      5KB

    • MD5

      9131bcc5ebe103546f257340d46bea53

    • SHA1

      2d7bbbc8d3e7095cfebebe27ac2d9bc20acb37ef

    • SHA256

      aa95b3eae84b84e3cf63f65737b120aa69394bc8f91d7a6a0e11fb56da12aee0

    • SHA512

      1a5223abb04f73df775692a43e16bed606daf3736b75ccdeaf90e898a3856c5723878b7b492e19a1858844280bd9cbdab1bbea1af581a003ac0e515a3b78eb5e

    • SSDEEP

      96:U1EMLsP6SyZ2Ozlye0mpiMzkWaIoB0jkvfq1Td2wLHKnT4mIT2zHCTLRaLfhb:BcsCBDv1oRnmjYfe2SHKnT4mA2zHCTLW

    Score
    3/10
    • Target

      genericpath.pyc

    • Size

      3KB

    • MD5

      9218a22bb71073ba455b83f245af3893

    • SHA1

      04f6e152e228035575ac3a8ce950595d5f96e0f4

    • SHA256

      89a30b8bcf984d0d5538e086c2e5e76f9683d0d87c711a8fb4389331d4342807

    • SHA512

      2518d77e3d37621875768e42818c1051629fbbd0be1f213881843695f910c054dbf1cd040c855fec361f68308aa057d10a8e7efc3ac56d3664e4e812695f9e81

    Score
    3/10
    • Target

      linecache.pyc

    • Size

      3KB

    • MD5

      749ac324b80b41cc7c03720abc918cac

    • SHA1

      eae24d0aeca6f66b6233e7cb3d4b7186739be29b

    • SHA256

      fc55d0442cdf69c8762a30a66ee7231be46c5dcae3bb81177062732857d0292c

    • SHA512

      208ed9e0070bbb791dbf255b143428c6fb2ae710fd813b10a80fa6f6c3f8bd3d55caf684db444992192751677ae0033f0444e3b0e1475ce30d9d73cad6eb2596

    Score
    3/10
    • Target

      os.pyc

    • Size

      27KB

    • MD5

      d845a1698a5e4a9a3992ca514b924a52

    • SHA1

      daef45b912f6ebc4d7d6d2d1ed7234b1f7769954

    • SHA256

      ec16d78fff77115582630db2aa0167617e5e490785f634172e9570f014322f3c

    • SHA512

      5a8ba0a5c0b45812b35d3546b5c3fbc48b445aee32089417e261d3ddfea508d3df7b3536c11d662d6993a6fb09de4d234b1b1896a810da0d2d60cfc1edb9942b

    • SSDEEP

      768:BCa184aJH8ys0lG5ufiMq+7KTLrLjL1LDL3LnLnLcyW0t:oaeJH8ysAiMq+7K1Nt

    Score
    3/10
    • Target

      posixpath.pyc

    • Size

      12KB

    • MD5

      3795e4cbeec84cbd8b1073bf98cf01ac

    • SHA1

      cbe1148996ae54fdc2a873a114fd79f40da8dcd8

    • SHA256

      f17b70ec5fa6535961486cf601a3a1ea6e89f695c8ffe38d7fc7b128a1835386

    • SHA512

      d7f768a1820f37ec44835ab25b405ec84567be6e0547f99ed5ea66c9ec75fcabbf554311f1888181a024709389c4bc9d1a6dac4b5c17149def73c43ed672be18

    • SSDEEP

      384:Oo+731JjMvXW7c+XaXzFJM+7ciCYrdZPAzPLEgcv:Oo837jGXqc+XaXzFJMwciLU0ge

    Score
    3/10
    • Target

      re.pyc

    • Size

      14KB

    • MD5

      c4c8225af08a68323823b7323f15f117

    • SHA1

      a57deabed7a661d59350b5692095db9d12a0c709

    • SHA256

      4266137f82d1bf4c1b0d20d9ea0d45ba8f1aa6fca15140fe30fd0dd99d6ff21e

    • SHA512

      42ae0fb234c13a8e1f73f72c030d2585b0e062ba1b33d8743db2aa1e415b79c26bd6c687f56f8de88747ed6c090c07b723e47caa0225507609e7bf3315e0bb72

    • SSDEEP

      192:dLhuPG2DARzAuXTCQL5rPb+mPNGL6R/UX8tcFfesWtGAsZCNe7Ms:nuPjDssWPSIMX8tYfepGr1

    Score
    3/10
    • Target

      site.pyc

    • Size

      20KB

    • MD5

      da415177f27719df853538683867092c

    • SHA1

      316afbd9219b195074fe3e211752908385c7c11c

    • SHA256

      0c7c594e3a7008840c9d25ac0eaeb6f8dd1c3b4467d6851dbdc790c88ac96463

    • SHA512

      9ab1ba6b662b794b9b0b06839a8d4cf51f7ef00487c34ce1d746fa915eed05fbddbb51c99cc6b138925444dfbdbb638d8b3f7dadaa3993a1285a4dddfc142e18

    • SSDEEP

      384:Sl8YYllwXc9U8uMNC9yLSt298mLIBRCw4JmtqSUn7Q8kRU4mnE6B:NllAafuMw4GRsIBRC1Fnn0LWXnE6B

    Score
    3/10
    • Target

      sre_compile.pyc

    • Size

      12KB

    • MD5

      cdf07bd8aacf6881c2613920a544f505

    • SHA1

      e870b38edb34959884edf8568fd17c06d62f32da

    • SHA256

      26d72e06b83ecb5aa3cb7057a4bf821a91ab2d91365dca9bdcbc36eb2acb8926

    • SHA512

      5c67a0aa61b75801514cdcb077012977ad56f01a4de9541c94f58e822b3b337a762bdb0e11a7c50c65739d817879e2b1a2900f07783431c85d4851aef686c400

    • SSDEEP

      384:L3IMvxlGhOQ9cklzMaItdWLHmdYqrqsRh5+6:rTDDY6dYqrqQ+6

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
7/10

behavioral1

flubot, banker, discovery, infostealer, ransomware, trojan
Score
10/10

behavioral2

flubot, banker, infostealer, trojan
Score
10/10

behavioral3

flubot, banker, infostealer, trojan
Score
10/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
3/10

behavioral9

Score
5/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10