flubot | cb43d09133f6c65bdd25001f231cc1379aa63bd8ad5a20e8671861f5f0da2b74 | Triage

Sharing

General

Target

cb43d09133f6c65bdd25001f231cc1379aa63bd8ad5a20e8671861f5f0da2b74.bin
Size

3.9MB
Sample

231009-12jk5sag74
MD5

4e5b975596521d64b8f9ae1cbe4a9879
SHA1

64569d6caecae1cb0a7982bdcbaec104f99eb7d4
SHA256

cb43d09133f6c65bdd25001f231cc1379aa63bd8ad5a20e8671861f5f0da2b74
SHA512

530b27bed6d9b06086d3b80347acbd73c3fabc3198fb53a35918a3222586b791adee1323132e0bffd6971c75ba31f2c966a5719956a5c840e4398a0f17311199
SSDEEP

98304:eqC/loKvtb7KA0mTsL6kr3dQf+AC7rjZRFJtYvw:eqC/e47lElLdC6rj7FJz

Score

10^/10

flubot android banker evasion infostealer linux ransomware stealth trojan

Malware Config

Targets

- Target
  
  cb43d09133f6c65bdd25001f231cc1379aa63bd8ad5a20e8671861f5f0da2b74.bin
- Size
  
  3.9MB
- MD5
  
  4e5b975596521d64b8f9ae1cbe4a9879
- SHA1
  
  64569d6caecae1cb0a7982bdcbaec104f99eb7d4
- SHA256
  
  cb43d09133f6c65bdd25001f231cc1379aa63bd8ad5a20e8671861f5f0da2b74
- SHA512
  
  530b27bed6d9b06086d3b80347acbd73c3fabc3198fb53a35918a3222586b791adee1323132e0bffd6971c75ba31f2c966a5719956a5c840e4398a0f17311199
- SSDEEP
  
  98304:eqC/loKvtb7KA0mTsL6kr3dQf+AC7rjZRFJtYvw:eqC/e47lElLdC6rj7FJz
Score

10^/10

flubot banker evasion infostealer ransomware stealth trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3
- Target
  
  android-support-v4.jar
- Size
  
  972KB
- MD5
  
  8016aea9eeea9ab956295bf04ad1d8cc
- SHA1
  
  3e4e879d0b3dc11f2feb3f55e77e3b5bd82c4a28
- SHA256
  
  79a68c13ec2f0c7619507eeb74249b93e8a7d626e8eb88b0d4fb3c3d8e3f6c7f
- SHA512
  
  7594d0c93f89827b0e31665820d5e28b0eec78b5a80f0c440810d5f727991eb6876e0b5e1c7ab2acea1a27419942c421cf1032bbe66ae9d9dbf8f9266e25dd38
- SSDEEP
  
  24576:VbEGdS8oLJ3pV3obx0uI1N5FrYWJHVTQtcq0trFwFDMZs:VbF+LJcbat5BYWJStR0QS+
Score

1^/10
behavioral4 behavioral5
- Target
  
  corejs.1.3.4.js
- Size
  
  4KB
- MD5
  
  9172967c46f900e8a833d7957124f845
- SHA1
  
  6db5716d478cf8425b6958ef26a83d2e7e790e4e
- SHA256
  
  37e6df9d6f0e39a2ef73e6bfbffd82752b7a8213cdd18f1fadb6b32f7c542816
- SHA512
  
  d8665607df76ad548592cad817478bafad46cbba756ecd0df2bb4ac3b8a79c6257a6f63f8e8e252a43c51c810fdb470be4f1f3ad73a9722c9643c9f98749ce02
- SSDEEP
  
  96:msUzqaPaOhLAeigoqHc5Puiq+rfdBycCQcNmtKtzrfjo317tTEDcDTGlOGlynHVx:mxHBlonPuiRLd8cCzzrKH4QDKH0nHViu
Score

1^/10
behavioral6 behavioral7
- Target
  
  libfolly_futures.so
- Size
  
  342KB
- MD5
  
  4d30ed60b9804c14da102d578d8ef1d8
- SHA1
  
  f5dcbedb0f28b1ffd046e9213d4b848fc04bfc9d
- SHA256
  
  4693939b11498d3819e3b8e6013d662b287d181bc118445b5c4bbd69caac82d0
- SHA512
  
  ab44432d742fb7142602eff54c73575f2d8903f2ac0f707091420773dad5967713c1d4ec3bccfb8165ef1afa66fae4b43740be7abde28ad3a18107ee55d878c8
- SSDEEP
  
  6144:rCwFfWqxk8IXs0vKu8RC72Rs0e8jeFxafnLfn8:Bu8RG2Rs0evk
Score

1^/10
behavioral10 behavioral11 behavioral8 behavioral9
- Target
  
  libjsijniprofiler.so
- Size
  
  38KB
- MD5
  
  4c20e8400aca4b75016f4d94f6577f92
- SHA1
  
  6e5e7520d561ee888a7657e2e1b4a7aefb1314bc
- SHA256
  
  006f2255b890b45776bd954393592da18a354b40c3920b3f9fc954ed3e1426df
- SHA512
  
  a2bfd5f05b5042ee2de8aabbbec6ed2cbb7f198bf14e53eb0bc61d37b65ff03d9ac6253a25345dcb6a946c738755748fdb256798957962ec2573647852aed54a
- SSDEEP
  
  768:I0phcFNtncDhqDGw+Yge0pNiTL8nF0CwyDe9MmiV3:I0AF3ncdqDG+ge0pMsOCwyDe9FiV
Score

1^/10
behavioral12 behavioral13 behavioral14 behavioral15
- Target
  
  libnative-imagetranscoder.so
- Size
  
  465KB
- MD5
  
  6180728f567bd37827fe3d26b574cbf5
- SHA1
  
  33f12e7b7e9e727a8c6b98b9b9d1bd3d3531e422
- SHA256
  
  d09d8c8e0d04a789d5a03fed4373bd79d59449e1205f688528a814acd4df5977
- SHA512
  
  9c89ac970fab3e77feca9b791d3de6c28eb3e937d42d6d1719566a71882be00e11567049891b2a3890520fbaf3d1d66b2cf3946a463035c088000e1bca0534d9
- SSDEEP
  
  12288:nBIKHPdcSeVzyIGdNbgSe+6vHpRbrl00F1:ddcSdP9s/
Score

1^/10
behavioral16 behavioral17 behavioral18 behavioral19
- Target
  
  libreactnativeblob.so
- Size
  
  90KB
- MD5
  
  cad0e778f49b1d01fb74e6925eef3217
- SHA1
  
  470af8e76e077469c7561c5a105a5456d659821c
- SHA256
  
  3ab6901688e3571dccab8e624532db429265ac2b0761b3eb213f154e688ecac0
- SHA512
  
  7c445650816a4c5582972c3c729aec9d001e62ade6f574856f2eef0f814d74a5a7f82363afe4de554d5c80d42839f1b5e48abaf4f7882eae66fa31b6780b6501
- SSDEEP
  
  1536:c/Y0G2FKiq3i0GqRKdvfcOBXX8n9bZzTbNwVfngq8zhDa0pT4N4YyDXUQdL7z9/D:wVG2FKT3i0GOKdvlM9bhEfngq8zhDa0r
Score

1^/10
behavioral20 behavioral21 behavioral22 behavioral23

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

flubotbankerevasioninfostealerransomwarestealthtrojan

behavioral2

flubotbankerinfostealerransomwarestealthtrojan

behavioral3

flubotbankerevasioninfostealerransomwarestealthtrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23