flubot | 854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8 | Triage

Submit
Reports

Overview

overview

Static

static

6

854c30bf0c...b8.apk

android-9-x86

854c30bf0c...b8.apk

android-10-x64

854c30bf0c...b8.apk

android-11-x64

Sharing

General

Target

854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8
Size

5.8MB
Sample

231220-fgg7cscedk
MD5

5f13277525cd49fe9faadb4991c3e184
SHA1

bc846998b592dc71c19a20fcdde0bdf4e208f5e9
SHA256

854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8
SHA512

c7c105ea03b5a968a5b592b8132c080c04bfba5c930cabd90aee84108b6672c603ee3e291dec0942eeb36db1b859ccce84bd0d28fb1edb5a55968a23ccaeaa8d
SSDEEP

98304:IevZEuKg3P8VajEu2XrsfdLppLe819z8KeJvcBvzatt102faYx6/4KTNEY4htwln:IOK3HQpToKCIz6102faY4j+3ax

Score

10^/10

flubot android banker evasion infostealer stealth trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8.apk

Resource

android-x86-arm-20231215-en

flubot banker evasion infostealer stealth trojan

android-9-x86

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8.apk

Resource

android-x64-20231215-en

flubot banker infostealer stealth trojan

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8.apk

Resource

android-x64-arm64-20231215-en

flubot banker evasion infostealer stealth trojan

android-11-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8
- Size
  
  5.8MB
- MD5
  
  5f13277525cd49fe9faadb4991c3e184
- SHA1
  
  bc846998b592dc71c19a20fcdde0bdf4e208f5e9
- SHA256
  
  854c30bf0c1a28a885f961428f462241a2aaa3f3977433385ff9e2291e1cf0b8
- SHA512
  
  c7c105ea03b5a968a5b592b8132c080c04bfba5c930cabd90aee84108b6672c603ee3e291dec0942eeb36db1b859ccce84bd0d28fb1edb5a55968a23ccaeaa8d
- SSDEEP
  
  98304:IevZEuKg3P8VajEu2XrsfdLppLe819z8KeJvcBvzatt102faYx6/4KTNEY4htwln:IOK3HQpToKCIz6102faY4j+3ax
Score

10^/10

flubot banker evasion infostealer stealth trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

flubotbankerevasioninfostealerstealthtrojan

behavioral2

flubotbankerinfostealerstealthtrojan

behavioral3

flubotbankerevasioninfostealerstealthtrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.