flubot | 4751009aa937ea9fc90d879b84e7f745ac606080e9bb783ec6a2b222fdff4da7 | Triage

Submit
Reports

Overview

overview

Static

static

7

4751009aa9...a7.apk

android-9-x86

1

4751009aa9...a7.apk

android-10-x64

4751009aa9...a7.apk

android-11-x64

sConsole.html

windows7-x64

1

sConsole.html

windows10-2004-x64

1

Sharing

General

Target

4751009aa937ea9fc90d879b84e7f745ac606080e9bb783ec6a2b222fdff4da7.bin
Size

4.6MB
Sample

231009-1ys1eaag52
MD5

3c95df948d9fb9c64b1c71b8eb7fad05
SHA1

a4be8061655f1ef9eacc906af1465aca68a27a9b
SHA256

4751009aa937ea9fc90d879b84e7f745ac606080e9bb783ec6a2b222fdff4da7
SHA512

54f4bfc02a7bd169f2f4da48c1a247403ef2ab74986331e922c7d17d66225a66fd937ffbf51d2977395a746b73f4f5ca3be7911512b856eef418eee0e02194f4
SSDEEP

98304:CWAMjd6nGZjaO+DVre7FnOy/vw17D00UrcnDqAjDd0BhuenDPWcrOSxyu526XT:nR6nGVaOKyR07D07cnDqIDaBznDPW/u5

Score

10^/10

flubot android banker discovery evasion infostealer ransomware stealth trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4751009aa937ea9fc90d879b84e7f745ac606080e9bb783ec6a2b222fdff4da7.apk

Resource

android-x86-arm-20230831-en

android-9-x86

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

4751009aa937ea9fc90d879b84e7f745ac606080e9bb783ec6a2b222fdff4da7.apk

Resource

android-x64-20230831-en

flubot banker evasion infostealer ransomware stealth trojan

android-10-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

4751009aa937ea9fc90d879b84e7f745ac606080e9bb783ec6a2b222fdff4da7.apk

Resource

android-x64-arm64-20230831-en

flubot banker discovery evasion infostealer ransomware stealth trojan

android-11-x64

11 signatures

150 seconds

Behavioral task

behavioral4

Sample

sConsole.html

Resource

win7-20230831-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral5

Sample

sConsole.html

Resource

win10v2004-20230915-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  4751009aa937ea9fc90d879b84e7f745ac606080e9bb783ec6a2b222fdff4da7.bin
- Size
  
  4.6MB
- MD5
  
  3c95df948d9fb9c64b1c71b8eb7fad05
- SHA1
  
  a4be8061655f1ef9eacc906af1465aca68a27a9b
- SHA256
  
  4751009aa937ea9fc90d879b84e7f745ac606080e9bb783ec6a2b222fdff4da7
- SHA512
  
  54f4bfc02a7bd169f2f4da48c1a247403ef2ab74986331e922c7d17d66225a66fd937ffbf51d2977395a746b73f4f5ca3be7911512b856eef418eee0e02194f4
- SSDEEP
  
  98304:CWAMjd6nGZjaO+DVre7FnOy/vw17D00UrcnDqAjDd0BhuenDPWcrOSxyu526XT:nR6nGVaOKyR07D07cnDqIDaBznDPW/u5
Score

10^/10

flubot banker evasion infostealer ransomware stealth trojan discovery
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3
- Target
  
  sConsole.html
- Size
  
  269B
- MD5
  
  76cff191be980267fa533e55a9239ab7
- SHA1
  
  402d6414f2831b4ca167053a34c47a0c7673d24f
- SHA256
  
  864366803cea1cd7ae018366765a30a0a619be881b947a4c5f2fa2af751732a7
- SHA512
  
  7c8263eacf5d4a484fdb0e94f175057286055996cde69d6107cc0d5bca87c892a3c05f286d48dfb9ccfc6706a327441ff25248fba11d5e7db7f0762fbfe07d9b
Score

1^/10
behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

flubotbankerevasioninfostealerransomwarestealthtrojan

behavioral3

flubotbankerdiscoveryevasioninfostealerransomwarestealthtrojan

behavioral4

behavioral5

© 2018-2024

Terms | Privacy