General

  • Target

    53c46a3f650e903192f0b094b3f063a8d3459713d80cfc2f2af5b389c165e76e.bin

  • Size

    4.9MB

  • Sample

    231123-1xtwbacf76

  • MD5

    5629475dba989c8d00bfcd62396cab9c

  • SHA1

    c24a5a876affb9e62614a214e0480d11d920e9e5

  • SHA256

    53c46a3f650e903192f0b094b3f063a8d3459713d80cfc2f2af5b389c165e76e

  • SHA512

    25a6b0c9c971941d8e09a888a977048b9bb60b26c440b271c4101b0c6305339ff576294e0e4ebc0d1dac640deb70967528af7c91cf7a95c1d2afd09188fa7995

  • SSDEEP

    98304:RZ+geGajn0awMkSFqN6Dfy/UI+nhtf7QM4FSoD+zLRSMeu/IuFwAKLPND3Pdr1zf:RZ+gWjfnj0Ajy/mt1oYdPIuFwDBD3Vhf

Malware Config

Targets

    • Target

      53c46a3f650e903192f0b094b3f063a8d3459713d80cfc2f2af5b389c165e76e.bin

    • Size

      4.9MB

    • MD5

      5629475dba989c8d00bfcd62396cab9c

    • SHA1

      c24a5a876affb9e62614a214e0480d11d920e9e5

    • SHA256

      53c46a3f650e903192f0b094b3f063a8d3459713d80cfc2f2af5b389c165e76e

    • SHA512

      25a6b0c9c971941d8e09a888a977048b9bb60b26c440b271c4101b0c6305339ff576294e0e4ebc0d1dac640deb70967528af7c91cf7a95c1d2afd09188fa7995

    • SSDEEP

      98304:RZ+geGajn0awMkSFqN6Dfy/UI+nhtf7QM4FSoD+zLRSMeu/IuFwAKLPND3Pdr1zf:RZ+gWjfnj0Ajy/mt1oYdPIuFwDBD3Vhf

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot payload

    • Makes use of the framework's Accessibility service.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Requests disabling of battery optimizations (commonly used to keep running in the background).

    • Removes a system notification.

    • Uses Crypto APIs (might try to encrypt user data).

    • Target

      sConsole.html

    • Size

      269B

    • MD5

      76cff191be980267fa533e55a9239ab7

    • SHA1

      402d6414f2831b4ca167053a34c47a0c7673d24f

    • SHA256

      864366803cea1cd7ae018366765a30a0a619be881b947a4c5f2fa2af751732a7

    • SHA512

      7c8263eacf5d4a484fdb0e94f175057286055996cde69d6107cc0d5bca87c892a3c05f286d48dfb9ccfc6706a327441ff25248fba11d5e7db7f0762fbfe07d9b

    Score
    1/10
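The signatures listed for the APK above (accessibility service, battery-optimization exemption, launcher activity present at install time, dynamically loaded DEX) can be cross-checked statically before a sample is detonated. The following is an added example and is not part of this report or of the sandbox's own signature engine. It assumes the AndroidManifest.xml has already been decoded from binary AXML (for instance with apktool) and that the DEX string table has been extracted to a list of strings; the manifest, string list, and tag names are constructed here for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Manifest markers tied to the behaviours flagged in the report above.
BIND_ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
IGNORE_BATTERY_OPT = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
MAIN_ACTION = "android.intent.action.MAIN"
LAUNCHER_CATEGORY = "android.intent.category.LAUNCHER"

# Class descriptors in a DEX string table that indicate dynamic code loading.
# PathClassLoader is deliberately excluded: the framework itself uses it.
DYNAMIC_LOADER_CLASSES = (
    "Ldalvik/system/DexClassLoader;",
    "Ldalvik/system/InMemoryDexClassLoader;",
)


def _attr(element, name):
    """Read an attribute from the android: namespace (android:name etc.)."""
    return element.get(f"{{{ANDROID_NS}}}{name}")


def _has_action(component, action):
    """True if any intent-filter on the component declares the given action."""
    return any(_attr(a, "name") == action
               for f in component.findall("intent-filter")
               for a in f.findall("action"))


def _has_category(component, category):
    return any(_attr(c, "name") == category
               for f in component.findall("intent-filter")
               for c in f.findall("category"))


def triage_manifest(manifest_xml):
    """Return the set of tags a decoded manifest supports (assumed tag names)."""
    root = ET.fromstring(manifest_xml)
    tags = set()

    permissions = {_attr(p, "name") for p in root.iter("uses-permission")}
    if IGNORE_BATTERY_OPT in permissions:
        tags.add("requests_battery_optimization_exemption")

    for service in root.iter("service"):
        # A usable accessibility service must be protected by the bind permission
        # and register for the AccessibilityService action; check for both.
        if (_attr(service, "permission") == BIND_ACCESSIBILITY
                and _has_action(service, ACCESSIBILITY_ACTION)):
            tags.add("declares_accessibility_service")

    if any(_has_action(a, MAIN_ACTION) and _has_category(a, LAUNCHER_CATEGORY)
           for a in root.iter("activity")):
        # Present at install time; hiding the icon later is a runtime action
        # (PackageManager component state), which a static check cannot see.
        tags.add("has_launcher_activity")
    return tags


def triage_dex_strings(dex_strings):
    """Flag class-loader references that enable loading a dropped DEX/JAR."""
    if any(s in DYNAMIC_LOADER_CLASSES for s in dex_strings):
        return {"references_dex_class_loader"}
    return set()


# Constructed sample input (not taken from the analysed sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Sample">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

SAMPLE_DEX_STRINGS = [
    "Ljava/lang/String;",
    "Ldalvik/system/DexClassLoader;",
    "loadClass",
]

if __name__ == "__main__":
    print(sorted(triage_manifest(SAMPLE_MANIFEST)))
    print(sorted(triage_dex_strings(SAMPLE_DEX_STRINGS)))
```

The manifest check only confirms that the capabilities are declared; whether the accessibility service is actually used for overlays, or the launcher activity is disabled after first run, is runtime behaviour and still needs the dynamic signatures reported above.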

MITRE ATT&CK Enterprise v15

Tasks