flubot | 854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8 | Triage

Submit
Reports

Overview

overview

Static

static

6

854c30bf0c...b8.apk

android-9-x86

854c30bf0c...b8.apk

android-10-x64

854c30bf0c...b8.apk

android-11-x64

Sharing

General

Target

854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8
Size

5.8MB
Sample

231220-fgg7cscedk
MD5

5f13277525cd49fe9faadb4991c3e184
SHA1

bc846998b592dc71c19a20fcdde0bdf4e208f5e9
SHA256

854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8
SHA512

c7c105ea03b5a968a5b592b8132c080c04bfba5c930cabd90aee84108b6672c603ee3e291dec0942eeb36db1b859ccce84bd0d28fb1edb5a55968a23ccaeaa8d
SSDEEP

98304:IevZEuKg3P8VajEu2XrsfdLppLe819z8KeJvcBvzatt102faYx6/4KTNEY4htwln:IOK3HQpToKCIz6102faY4j+3ax

Score

10^/10

flubot android banker evasion infostealer stealth trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8.apk

Resource

android-x86-arm-20231215-en

flubot banker evasion infostealer stealth trojan

android-9-x86

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8.apk

Resource

android-x64-20231215-en

flubot banker infostealer stealth trojan

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8.apk

Resource

android-x64-arm64-20231215-en

flubot banker evasion infostealer stealth trojan

android-11-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8
- Size
  
  5.8MB
- MD5
  
  5f13277525cd49fe9faadb4991c3e184
- SHA1
  
  bc846998b592dc71c19a20fcdde0bdf4e208f5e9
- SHA256
  
  854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8
- SHA512
  
  c7c105ea03b5a968a5b592b8132c080c04bfba5c930cabd90aee84108b6672c603ee3e291dec0942eeb36db1b859ccce84bd0d28fb1edb5a55968a23ccaeaa8d
- SSDEEP
  
  98304:IevZEuKg3P8VajEu2XrsfdLppLe819z8KeJvcBvzatt102faYx6/4KTNEY4htwln:IOK3HQpToKCIz6102faY4j+3ax
Score

10^/10

flubot banker evasion infostealer stealth trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

flubotbankerevasioninfostealerstealthtrojan

behavioral2

flubotbankerinfostealerstealthtrojan

behavioral3

flubotbankerevasioninfostealerstealthtrojan

© 2018-2024

Terms | Privacy