flubot

Sharing

Copy URL

Twitter E-mail

General

Target

e93a4e8bec4e2bf47157e55be150c8fb62c38cd4ca180b473f53259fa44cdd48.7z
Size

4.0MB
Sample

230928-d9p2kahb56
MD5

d528f1d5e0e87d60f1f287f931adf1ec
SHA1

f5597304c639b9bed559911c83c69a7395a8cce7
SHA256

a617db081ad3b096a3c3255b06fb0b2eec1dfa570b06792be575f38c29199e90
SHA512

2082de37ffd76d142c2f5e2c051f2544a463d94ff413fd162e7dde5725e8ee1fa9e222f108f0580dc93c259b3430fe0eb377653e5f728acfba2d4352448b8f8c
SSDEEP

98304:zDvLzGtnRklVjm04yPrvSezmTGOJmLTuy9n:zTLS0TOezmKOsfr9n

Score

10^/10

Malware Config

Targets

- Target
  
  e93a4e8bec4e2bf47157e55be150c8fb62c38cd4ca180b473f53259fa44cdd48
- Size
  
  4.2MB
- MD5
  
  58fe07645a418f93efeeeacb04dd16c0
- SHA1
  
  62a5e53b179e4b6b66f8094db788afd2e3eb550f
- SHA256
  
  e93a4e8bec4e2bf47157e55be150c8fb62c38cd4ca180b473f53259fa44cdd48
- SHA512
  
  2b358681bc4429b34d5777f9f778a056addfd26d0497a9a5282ead8f83cbb2845b292b3fbbd4096925b39d0dd08103d586afff7b6e7a183d5f34c8ac31a44e11
- SSDEEP
  
  98304:4nXK5t8UQUNbK7+QQH5U+uR3fO09yXPzxh8wAZSKEscl:4Xe1N+7DXXxfO0yLAZA
Score

10^/10

flubot banker infostealer ransomware trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1
- Target
  
  license-ru.html
- Size
  
  34KB
- MD5
  
  ac6e15df193c7135c916f85fd48afecd
- SHA1
  
  bc11e538662c15a478b3cbf8cbf0873b8f19ec9e
- SHA256
  
  a1b20292621b8ba67ddfb61802bd12bade68f6b930ac6ad61e89c047a1f91c22
- SHA512
  
  bcd3d439b0b25ba3de815f00ff92bf3545578d90d53adacc2b272b60ee8bf3d65e460d87fbdc56eec32344d8be567b1f7384fb9c8b0934b24cec39ce05b7c8e1
- SSDEEP
  
  384:8JF/uQenaw/h+pMNbK+v5AKVjZI89GThAKJPrLqCu2WVgqxk/d1NDlCPjOB4WUen:4e9hDbE4nGThAUTDmI4WUE8Z+
Score

1^/10
behavioral2
- Target
  
  license.html
- Size
  
  18KB
- MD5
  
  57d40cdb2111f13e40a7c92af27d27b4
- SHA1
  
  27f72955eb424eef52715ccbde22d1cb5b23f622
- SHA256
  
  7dda06156acbe260754bf5cb0ff2acce418c4b2a7ddf4176fb4e2c892dd85ebc
- SHA512
  
  8fa42a10812c9ef10327caf5d8b618cda0bfdcf477f7914e8448175024cbcde7ae1a5ac47eb3e1d4500ad1cb7e904a22e97c2e1956aa274182753927cddf5b0a
- SSDEEP
  
  384:CwQfL6d89D4eefdN7aEGJ6Eyz6h9rx3pc/:Vo6d5eMdNbxEyaJTc/
Score

1^/10
behavioral3
- Target
  
  UserDict.pyc
- Size
  
  11KB
- MD5
  
  efcbe1f3ba66174c7498b9d02b74c84c
- SHA1
  
  dbe94d3516b2b179124dbb7db5fa6241c3e6045c
- SHA256
  
  94dd9035bc81842df7e50550da82db7bcf3d2786387c34bca660e0836d67e9b3
- SHA512
  
  b3133caccd23b2598a10e38d08b5338426b2bd4488f984841535dd8802054619690b7763e1c38c5a61e9de1f7d15543fb0da6d91672256649022f3aa858d510d
- SSDEEP
  
  192:rhktDonbVYqbaighlUFLynIxNaHH28fbKHO0uo9DIKJq70KZEJ4blivYbi5+SH5P:3nbOqbaiAqFLynIxNanBfOO0uoaKJq7G
Score

1^/10
behavioral4
- Target
  
  _abcoll.pyc
- Size
  
  30KB
- MD5
  
  fc3696b4a60393354be0558f3e838074
- SHA1
  
  14a52a71d9fd9730fd80225d6cb35b2da34aafd0
- SHA256
  
  10303f6affdd674dfefe3b5e97c165d0d50218ec0a377f70c2887b76afad4183
- SHA512
  
  8814525e1b5b252949621c5a935b534a47a18b34a1269161f8ebb1be6648d31f9abb515ab632f9cc3676b9433a8c30d6d211cab9b665257a80dde9643750163b
- SSDEEP
  
  384:j6s8jgb7ZNW7dh8fZimJ2vlfwqqS0H/DExQ4AME6Tkc:j6s8EZNyOZimEvOqqS0HivE6Tkc
Score

1^/10
behavioral5
- Target
  
  _sysconfigdata.pyc
- Size
  
  20KB
- MD5
  
  934699af3b14cb5c632aefc2d86cb3b7
- SHA1
  
  3ee3e6cadba5e72a6686e22b8a71d0000373f50e
- SHA256
  
  046cc6eb5e2b675e6114962743d423e52f14c931ea35e7e117710251cc177dbf
- SHA512
  
  f6ea4b0412e13cac50c820969501ba23192c9dd06066005db8dc9a63af9cd36b187e189e9a4f5dd66872d5661d38210a69a00f0893d729f84b5c993b35b6783c
- SSDEEP
  
  384:f6KrM1y5Nz+bEtkjoLHvPWUS85cDWzy9uIu4JiyBK125Fk8Z:fvcm+bAAWzy9ux4JQg5PZ
Score

1^/10
behavioral6
- Target
  
  _weakrefset.pyc
- Size
  
  11KB
- MD5
  
  685d4aaf13a4f2bb43bec6340f853fa2
- SHA1
  
  2cbbad3829a7ecb101e1fe58e34b8651bc153389
- SHA256
  
  ac2dfa51d2edb55548f68ac15279b9e09944dda301478e2bb533e7948ed6187c
- SHA512
  
  76dcca6e3b7f93155bdbac2f5f94878b710de381c5732e64ef6432f7d709d111640868ea37d70400c4805cbf65289d18a88885f446cb7a25c110cecfa652b4d2
- SSDEEP
  
  192:s+2JxBMBSmGt2ob/rxBZ9qpa/awsHXqe11ZFKFbnaJ6My:Pofm5ojd9H/gHaoZQbgXy
Score

1^/10
behavioral7
- Target
  
  abc.pyc
- Size
  
  6KB
- MD5
  
  77d1073653635e1d64467985019e2804
- SHA1
  
  63b8f4bdcc9b62736cdb7bb4db232e1a778dd244
- SHA256
  
  6c147d0976c7e7333ec9bc7a37e5191a602b10775bed9543cea99a4b8b08a747
- SHA512
  
  d00fc86e19194dcd781a9ab18cf34e008d3fedc9584a87459b64aacfea83a2e97660763a5d34c526800266d8588c85d4118ed4eb3432eea0840faa676591a7cc
- SSDEEP
  
  96:l8Cx06+SenQH/0x0CenQ9ZY6kj152Hvk2aqNonSmfcTxj+k6zB+BELfwLt2C2te:62+xf8152Pk2aioXfcMVyt22
Score

1^/10
behavioral8
- Target
  
  copy_reg.pyc
- Size
  
  5KB
- MD5
  
  9131bcc5ebe103546f257340d46bea53
- SHA1
  
  2d7bbbc8d3e7095cfebebe27ac2d9bc20acb37ef
- SHA256
  
  aa95b3eae84b84e3cf63f65737b120aa69394bc8f91d7a6a0e11fb56da12aee0
- SHA512
  
  1a5223abb04f73df775692a43e16bed606daf3736b75ccdeaf90e898a3856c5723878b7b492e19a1858844280bd9cbdab1bbea1af581a003ac0e515a3b78eb5e
- SSDEEP
  
  96:U1EMLsP6SyZ2Ozlye0mpiMzkWaIoB0jkvfq1Td2wLHKnT4mIT2zHCTLRaLfhb:BcsCBDv1oRnmjYfe2SHKnT4mA2zHCTLW
Score

1^/10
behavioral9
- Target
  
  genericpath.pyc
- Size
  
  3KB
- MD5
  
  9218a22bb71073ba455b83f245af3893
- SHA1
  
  04f6e152e228035575ac3a8ce950595d5f96e0f4
- SHA256
  
  89a30b8bcf984d0d5538e086c2e5e76f9683d0d87c711a8fb4389331d4342807
- SHA512
  
  2518d77e3d37621875768e42818c1051629fbbd0be1f213881843695f910c054dbf1cd040c855fec361f68308aa057d10a8e7efc3ac56d3664e4e812695f9e81
Score

1^/10
behavioral10
- Target
  
  linecache.pyc
- Size
  
  3KB
- MD5
  
  749ac324b80b41cc7c03720abc918cac
- SHA1
  
  eae24d0aeca6f66b6233e7cb3d4b7186739be29b
- SHA256
  
  fc55d0442cdf69c8762a30a66ee7231be46c5dcae3bb81177062732857d0292c
- SHA512
  
  208ed9e0070bbb791dbf255b143428c6fb2ae710fd813b10a80fa6f6c3f8bd3d55caf684db444992192751677ae0033f0444e3b0e1475ce30d9d73cad6eb2596
Score

1^/10
behavioral11
- Target
  
  os.pyc
- Size
  
  27KB
- MD5
  
  d845a1698a5e4a9a3992ca514b924a52
- SHA1
  
  daef45b912f6ebc4d7d6d2d1ed7234b1f7769954
- SHA256
  
  ec16d78fff77115582630db2aa0167617e5e490785f634172e9570f014322f3c
- SHA512
  
  5a8ba0a5c0b45812b35d3546b5c3fbc48b445aee32089417e261d3ddfea508d3df7b3536c11d662d6993a6fb09de4d234b1b1896a810da0d2d60cfc1edb9942b
- SSDEEP
  
  768:BCa184aJH8ys0lG5ufiMq+7KTLrLjL1LDL3LnLnLcyW0t:oaeJH8ysAiMq+7K1Nt
Score

1^/10
behavioral12
- Target
  
  posixpath.pyc
- Size
  
  12KB
- MD5
  
  3795e4cbeec84cbd8b1073bf98cf01ac
- SHA1
  
  cbe1148996ae54fdc2a873a114fd79f40da8dcd8
- SHA256
  
  f17b70ec5fa6535961486cf601a3a1ea6e89f695c8ffe38d7fc7b128a1835386
- SHA512
  
  d7f768a1820f37ec44835ab25b405ec84567be6e0547f99ed5ea66c9ec75fcabbf554311f1888181a024709389c4bc9d1a6dac4b5c17149def73c43ed672be18
- SSDEEP
  
  384:Oo+731JjMvXW7c+XaXzFJM+7ciCYrdZPAzPLEgcv:Oo837jGXqc+XaXzFJMwciLU0ge
Score

1^/10
behavioral13
- Target
  
  re.pyc
- Size
  
  14KB
- MD5
  
  c4c8225af08a68323823b7323f15f117
- SHA1
  
  a57deabed7a661d59350b5692095db9d12a0c709
- SHA256
  
  4266137f82d1bf4c1b0d20d9ea0d45ba8f1aa6fca15140fe30fd0dd99d6ff21e
- SHA512
  
  42ae0fb234c13a8e1f73f72c030d2585b0e062ba1b33d8743db2aa1e415b79c26bd6c687f56f8de88747ed6c090c07b723e47caa0225507609e7bf3315e0bb72
- SSDEEP
  
  192:dLhuPG2DARzAuXTCQL5rPb+mPNGL6R/UX8tcFfesWtGAsZCNe7Ms:nuPjDssWPSIMX8tYfepGr1
Score

1^/10
behavioral14
- Target
  
  site.pyc
- Size
  
  20KB
- MD5
  
  da415177f27719df853538683867092c
- SHA1
  
  316afbd9219b195074fe3e211752908385c7c11c
- SHA256
  
  0c7c594e3a7008840c9d25ac0eaeb6f8dd1c3b4467d6851dbdc790c88ac96463
- SHA512
  
  9ab1ba6b662b794b9b0b06839a8d4cf51f7ef00487c34ce1d746fa915eed05fbddbb51c99cc6b138925444dfbdbb638d8b3f7dadaa3993a1285a4dddfc142e18
- SSDEEP
  
  384:Sl8YYllwXc9U8uMNC9yLSt298mLIBRCw4JmtqSUn7Q8kRU4mnE6B:NllAafuMw4GRsIBRC1Fnn0LWXnE6B
Score

1^/10
behavioral15
- Target
  
  sre_compile.pyc
- Size
  
  12KB
- MD5
  
  cdf07bd8aacf6881c2613920a544f505
- SHA1
  
  e870b38edb34959884edf8568fd17c06d62f32da
- SHA256
  
  26d72e06b83ecb5aa3cb7057a4bf821a91ab2d91365dca9bdcbc36eb2acb8926
- SHA512
  
  5c67a0aa61b75801514cdcb077012977ad56f01a4de9541c94f58e822b3b337a762bdb0e11a7c50c65739d817879e2b1a2900f07783431c85d4851aef686c400
- SSDEEP
  
  384:L3IMvxlGhOQ9cklzMaItdWLHmdYqrqsRh5+6:rTDDY6dYqrqQ+6
Score

1^/10
behavioral16
- Target
  
  sre_constants.pyc
- Size
  
  6KB
- MD5
  
  3439d1a5b2748e814b9ed75f9473964b
- SHA1
  
  95531dcdec3361e9e49fb8fbcbc8bcfbdd536458
- SHA256
  
  5d3155c7edbf462eda4a63b0704baffd94ca6bc00992f115ea692b9e9f904af5
- SHA512
  
  f520251bacbefb3145be6efc36f281f9163a89e10c9ea7f6e48b6d5f3ba411b9b09cd61ed84e94a5cf8f564a81f4ea752ee14ecbf564d38497944d89bdba2d07
- SSDEEP
  
  96:39xhaWnIc/b3RIicDu324268snWVX4mOCA8WLVhNhCMWTzy/x6mgXxBBo+weFBpz:txh5I63RIixScLVhNhQzyJ6mgBwf6Bpz
Score

1^/10
behavioral17
- Target
  
  sre_parse.pyc
- Size
  
  22KB
- MD5
  
  b977e785298d8db9bd81d2e000ae5530
- SHA1
  
  b93182920603448fd4bfdcca4e6a5720fa9c429c
- SHA256
  
  3e40c74f4cf0e066aa5a750ec79f3af6fe5bd735b37b4a9720760604c1835476
- SHA512
  
  f17b9ec7263c28d226a5b31a89b3c90a3433755817cd5bdcdafd436cfc8b7c6386659ed7bb147f8d9a84a818203af73f1af8bbfa38fdf18447caca35a4ea71d4
- SSDEEP
  
  384:adqHmaPwmUeZNoiBHhrs5OGKzWmAXty0CZT4Nvuh3Rod19UwcyoK6Ald0rJHQG/0:a0omUeZNxBHhrqfKCjXtxC9E83+sKrH7
Score

1^/10
behavioral18
- Target
  
  stat.pyc
- Size
  
  3KB
- MD5
  
  c6c4f847508083fa57ad674c2760e1e0
- SHA1
  
  10e311920dd8fb00bb0e0b076a2444f72d678fb2
- SHA256
  
  faf63daba85e93da5c24f702b23cdbe0c4c13459ffe00a15b7ec18b9f09c5f98
- SHA512
  
  3400dfbd9cf8cc35c01f9e4881e518ea15087546d142cf906b75694262d474395f1c2c0ebaf1318561f7fc10e4eb6e939f60d5e775291403d42a22947edd7f83
Score

1^/10
behavioral19
- Target
  
  sysconfig.pyc
- Size
  
  18KB
- MD5
  
  a06dbf91c5bd8bb4a9ece47d0b99ed5a
- SHA1
  
  46485cb272e8c5c6e2123259bec18b409cd396d0
- SHA256
  
  1a5abb3d6f1cb496a5c815e343eee7b56e2007c56ecc0c6f4bdd5dd101b67f4c
- SHA512
  
  92b39ac8adfdfc60153c7942a2eaa20a07ff83ed1f47b5ab9df9a3c29d5b33dbca23f00f8c0659a2fda99998890bbc3615cdaadf2b03a1a005c65b45384ad8a3
- SSDEEP
  
  384:YtN6ZGywY+AJY6w6qcH9MUKNIkcy+84WK1vK+mVJpKnvf:YrG1wFAJPwHcduukBF4m3pKnX
Score

1^/10
behavioral20
- Target
  
  traceback.pyc
- Size
  
  12KB
- MD5
  
  8e3374cdc0cda0a15c1ca66a67eb2065
- SHA1
  
  3275ebd8bf491a08f44b0030e4edeac61a2caf45
- SHA256
  
  52da287750c04762d8b2c819011c98b4a345081e82be35f50fb2d3cc66386c92
- SHA512
  
  a58f414af31ea6ea7b653a349de3e3f1b1f0c2ef6a25422d148c8e254358ec6ecd4b05d995c18a35fdc69dcbebc65c372fb19958746be37a434a70321c34d989
- SSDEEP
  
  192:TLT1ajtWSzkOEGIPTRVP9G67jl03Eqn8LbH+/of8x9uELGsV+hHYFl:XQj07X9l7JY4b1M9uE2hHYFl
Score

1^/10
behavioral21
- Target
  
  types.pyc
- Size
  
  2KB
- MD5
  
  41f31ba7e88783b9fb1bfe6c8140ce10
- SHA1
  
  7859b9f86bd53bf5aeada724b050ab9085570c19
- SHA256
  
  9fb3c25f0cc3f33f078a69001fb8b609935c29a1d88f2e2ea71f21bc57f1aedb
- SHA512
  
  f7c33d38c352ab6e93f334f8a77267c1cbd16c5a0ff4f67156dda7e52237faf496591af17dd34ded71b09db13d3e1b4f54ee632c1a6105d5bb1d2f175905d231
Score

1^/10
behavioral22
- Target
  
  warnings.pyc
- Size
  
  14KB
- MD5
  
  1b653e14eca5231a3011a8292fc27b87
- SHA1
  
  f11635a5eccc8743f0a36a89f809f12efba50763
- SHA256
  
  4fb3dfd175ec04a6022b4423157a2d6211e0a16884bff1e2ac8a16dbda532d8b
- SHA512
  
  87f30b642892d11a6db41166cf6db722b3ae147cb8b8fd40dbf899104eb4da2db1f60af6373737132030e0cbed22065e69b32c31405140bd4054441e930db576
- SSDEEP
  
  384:Tjz6et1+eIG90Qa6piJCSsX7R30Qr0VIUyb4Xy1WLKVv3cguj/cUn4H:TjWLrU0Qa6qsdEQrUYsnw0A
Score

1^/10
behavioral23
- Target
  
  render_h5_bridge.js
- Size
  
  2KB
- MD5
  
  f7ca349a61d2a5e8cff64e754704809d
- SHA1
  
  f68d8655c2e57983838061882e2ddc8abd5df0e8
- SHA256
  
  95df64e113825c7c91e68d8e36e3cb32c94048761e8e9d55a10c7930f6a0c869
- SHA512
  
  e280fdd928b5e8e89e5245af5a86918b04ad5b57cad84da1ee14e0bcdbe8eb8ef8f29e5284799523488f86ea7c38316a717f36abc33b11a1c9b4ac900d2b5d6b
Score

1^/10
behavioral24
- Target
  
  shop_snapshot_template.html
- Size
  
  29KB
- MD5
  
  11644e17d62bf36c19eeff744bb5930e
- SHA1
  
  33b8964231682b4fbbf7f35df225c7c6d2e8f1d6
- SHA256
  
  096f6d86d319fd0326b300c386e6e17e7e071fb06f0b8333707f56dd669bfdf8
- SHA512
  
  acd7dba5d94dc3873753c6e819796f6ed03b52bb596643534ea27d2789136facc3befa443dea30c9915791cfe23f0b061d263820bbcd10f5241fa60430c56b50
- SSDEEP
  
  384:BzJQ14CLXf1OiABsMF+ibQSCUeoEPa8IsNxoNwYeBYz5BKYccq9fP5bEHLS/Ntop:XQ14CLXfMH+ploVoU
Score

1^/10
behavioral25
- Target
  
  workerjs_multiworker.js
- Size
  
  1023B
- MD5
  
  d13cef0b3031732089e1a19705bd52bd
- SHA1
  
  c5501a42bf7f5bd7440c9898fca0f4abcaa3cffa
- SHA256
  
  0f1dc69a65f225aa67b6690ecf55fadea7c049dc5c7d4a2c6769e6124f1eba79
- SHA512
  
  5dac41406e25a3fa3344fc3617793229aa48a9dc7f16dc095d0cd1597031103f1fd0c070b2973b5d0cc53d713c7574dbfc86187a44b470714b0e01b5b34699b2
Score

1^/10
behavioral26
- Target
  
  workerjs_v8.js
- Size
  
  6KB
- MD5
  
  50bdd1c301db364f2391dbdd7b327632
- SHA1
  
  9f47bb4f8ae9b43fffc5a7022a8c0921d88b9952
- SHA256
  
  df4ed7f585ea1393fc71543f924daa4b756d02566c4e75b7ceaf15e99b53503e
- SHA512
  
  28dd15c3d4ade2721fc98632e8a6cca735f60b2e0431de3f126d6a5c8681234d4fbf3852c664b7bebf5df48c04177b190c30271bf80959fa0427a8f27160d2cc
- SSDEEP
  
  96:omLNOnL4Qcm7v/qjhKkccZeZzRFMeG1q2zjC2Tm/qy5qsVQqVfavoJQ5M5RJuQCI:Jy0QFIhKTPwof2T4qWaGIueQwQCzDzh6
Score

1^/10
behavioral27

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

FluBot payload

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27