flubot | 9cb020a79c3a1028b5a278712923a3246978c68a544009480e57887e14d674df | Triage

Sharing

General

Target

9cb020a79c3a1028b5a278712923a3246978c68a544009480e57887e14d674df.bin
Size

4.8MB
Sample

231009-1zkenagf9x
MD5

c10214331255a0c1e74fea2aac739e8c
SHA1

5ce619517de7a4c22dd473f6bfb2e989b543d864
SHA256

9cb020a79c3a1028b5a278712923a3246978c68a544009480e57887e14d674df
SHA512

307058d35b165cefe2485f97d046d0baf597ff43991705b93732c32c701e8e52e3012e30240364992c59bd8d7ad81c3ac1db75d7927c6e8d14e6c92c598cb452
SSDEEP

98304:BS5spIP290ty+u50+F1/ZlZVZqMA3gdj7DrX8N+fU33W3Ys7pE0eV7:B8spU292yE+33ZVZ9t0Yf+3SdReN

Score

10^/10

flubot android banker discovery infostealer ransomware trojan

Malware Config

Targets

- Target
  
  9cb020a79c3a1028b5a278712923a3246978c68a544009480e57887e14d674df.bin
- Size
  
  4.8MB
- MD5
  
  c10214331255a0c1e74fea2aac739e8c
- SHA1
  
  5ce619517de7a4c22dd473f6bfb2e989b543d864
- SHA256
  
  9cb020a79c3a1028b5a278712923a3246978c68a544009480e57887e14d674df
- SHA512
  
  307058d35b165cefe2485f97d046d0baf597ff43991705b93732c32c701e8e52e3012e30240364992c59bd8d7ad81c3ac1db75d7927c6e8d14e6c92c598cb452
- SSDEEP
  
  98304:BS5spIP290ty+u50+F1/ZlZVZqMA3gdj7DrX8N+fU33W3Ys7pE0eV7:B8spU292yE+33ZVZ9t0Yf+3SdReN
Score

10^/10

flubot banker discovery infostealer ransomware trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3
- Target
  
  appboy-html-in-app-message-javascript-component.js
- Size
  
  3KB
- MD5
  
  c12d3758fa172a40a1975cdb1f5669ac
- SHA1
  
  24c2a69c30703f3362b9b68d933f49dc681803fc
- SHA256
  
  bd5646863645108b6314045a3da03c30f0d6accf570a4bd42ce74949e1ef91df
- SHA512
  
  147106472163751dd156bf06b3bc70389c104fe4a43c06dfbd8e1398d929c752673238e78c007d01cbb7c66ae41098256618980662643123dd46ccb29efc5f9d
Score

1^/10
behavioral4 behavioral5
- Target
  
  t-rex.html
- Size
  
  80KB
- MD5
  
  16911fcc170c8af1c5457940bd0bf055
- SHA1
  
  eb44540186285271130b056fa6099b1988319fc4
- SHA256
  
  dc72cfc1f1d2a5013bb9de34f8cacf5e26e542d7d713fcbe09b865b4aaca6ddf
- SHA512
  
  131a00b7895a40ea0fb355ecc5292b3cbbcd23b45dd59b07da1b8eb86501ff0ec698ab5446687cd7ff5fba03d97b7a0b6e47196dc284a51c677cf04dbe13e393
- SSDEEP
  
  1536:V5OdudTTa8udsB7g1BuqHkFT5VgYzMGgbJsMPz:Vq0y80I7OuikXm3bJsMPz
Score

1^/10
behavioral6 behavioral7
- Target
  
  vk_dex.apk
- Size
  
  106KB
- MD5
  
  bc185a98eeb3c6854c2caa633295fa3b
- SHA1
  
  cf0b10d87d8d6459ae5b74483d7020dd496800e1
- SHA256
  
  da37cf4de83a645e1b3241879abe4a9e1a2fdb8a5e3f8bbe634509ac660a480d
- SHA512
  
  5bb4bb3aaabf3fa44260c4aec4925fd60901eaf9be83ae661bbb013ca976dc9c4c5d2debea76fc8779ecbd01cf63221b8b6be9951139a972a3b82c92c0fc1c85
- SSDEEP
  
  3072:nQnd9yPnoYlod2kB2zYrp42EUzHGSPIyPzKEmOZPGk9Nt:ywnblhW28ru2kSPIyPz7Gk9L
Score

1^/10
behavioral10 behavioral8 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flubotbankerdiscoveryinfostealerransomwaretrojan

behavioral2

flubotbankerinfostealertrojan

behavioral3

flubotbankerinfostealerransomwaretrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10