Overview

overview

10

Static

static

6

231126-1wt...ed.zip

windows7-x64

1

231126-1wt...ed.zip

windows10-2004-x64

1

9b04500fcd...93.apk

android-9-x86

10

9b04500fcd...93.apk

android-10-x64

10

9b04500fcd...93.apk

android-11-x64

10

Resubmissions

10-12-2023 02:04

231210-chjvssbebk 10

09-12-2023 09:25

231209-ldymtsfgcr 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    231126-1wttxsce51_pw_infected.zip

  • Size

    4.7MB

  • Sample

    231210-chjvssbebk

  • MD5

    abb6e6aea190889fbf34776e5d896743

  • SHA1

    515065e6c4252cb0ebd398213cc88909eed0d584

  • SHA256

    50a476286fec135a8a3189dd0384da299e70c3abb6f6c66bb7f4926eb041ef0b

  • SHA512

    bd61fb2e46073a1b0d0e374e62915660f6018cead2e4de22df964da266828a5dba7af34e8b883f511e4a3d894c9f6436ca84956776aaa4a8f470a68a5d280387

  • SSDEEP

    98304:UCEYLaQ7df+QA13rG+d+IU/nOn61RF2nxoSa9ZvEKy0h:Pnp2QAZZ4r/OnORNSkPh

Score
10/10
flubotandroidbankerdiscoveryevasioninfostealerstealthtrojan

Malware Config

Targets

    • Target

      231126-1wttxsce51_pw_infected.zip

    • Size

      4.7MB

    • MD5

      abb6e6aea190889fbf34776e5d896743

    • SHA1

      515065e6c4252cb0ebd398213cc88909eed0d584

    • SHA256

      50a476286fec135a8a3189dd0384da299e70c3abb6f6c66bb7f4926eb041ef0b

    • SHA512

      bd61fb2e46073a1b0d0e374e62915660f6018cead2e4de22df964da266828a5dba7af34e8b883f511e4a3d894c9f6436ca84956776aaa4a8f470a68a5d280387

    • SSDEEP

      98304:UCEYLaQ7df+QA13rG+d+IU/nOn61RF2nxoSa9ZvEKy0h:Pnp2QAZZ4r/OnORNSkPh

    Score
    1/10
    behavioral1behavioral2

    • Target

      9b04500fcd4237ddb27a25cf4483bbefe03c6aaf12500c0b7b46ed898f999393.bin

    • Size

      4.8MB

    • MD5

      ca5240489cfb5b97fde09a85e2d90c9b

    • SHA1

      26517a68db93bb36ebf31c2fe4b4b8c0f2fc3c84

    • SHA256

      9b04500fcd4237ddb27a25cf4483bbefe03c6aaf12500c0b7b46ed898f999393

    • SHA512

      df458a089cd18e0cb8e80e8e8eb81d5ad0b9f16c7dddfb968e0a50ac356dffb9149b6957d3b27d4908cc1da366fae98736cb650f5ad8f988f2a63945cf1aeae4

    • SSDEEP

      98304:u9srlNqjQuH5a3udaBi/coneFEGOlOKQr3lIrSTjorzM13/wkT:u9srlia3mQgMO47lIrSXU83xT

    Score
    10/10
    flubotbankerdiscoveryevasioninfostealerstealthtrojan

    • FluBot

      FluBot is an android banking trojan that uses overlays.

      bankertrojaninfostealerflubot

    • FluBot payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Removes its main activity from the application launcher

      stealthtrojan

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion
    behavioral3behavioral4behavioral5

MITRE ATT&CK Matrix ATT&CK v13

Tasks