flubot | 97206706b5aa31cebb8ac30102632d3072bd00b1bc6d9a097db417974dca69a5 | Triage

Submit
Reports

Overview

overview

Static

static

6

97206706b5...a5.apk

97206706b5...a5.apk

android-10-x64

97206706b5...a5.apk

android-11-x64

Sharing

General

Target

97206706b5aa31cebb8ac30102632d3072bd00b1bc6d9a097db417974dca69a5
Size

4.5MB
Sample

231220-kmjplagab3
MD5

f9a79cb761afbb4315840408e14c5a6b
SHA1

f5e6549a76e9713f961fa9c7855b9cc9ffc5cf0a
SHA256

97206706b5aa31cebb8ac30102632d3072bd00b1bc6d9a097db417974dca69a5
SHA512

d9b92df7f9ae8c4d8f36c93f454c4df84b609aab94910bca73fdff7db673fbec2490ab38adb634c9006c7690c6064bf0c4edd4acf236add6f93d9f7fa99e9f7d
SSDEEP

98304:6ybtPX2a3eE3ldgwnvK6t9bVCNJd1IWTryoa:NbrOE3lqwnvKu9bVC3zIOm

Score

10^/10

flubot android banker evasion infostealer stealth trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

97206706b5aa31cebb8ac30102632d3072bd00b1bc6d9a097db417974dca69a5.apk

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

97206706b5aa31cebb8ac30102632d3072bd00b1bc6d9a097db417974dca69a5.apk

Resource

android-x64-20231215-en

flubot banker infostealer stealth trojan

android-10-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

97206706b5aa31cebb8ac30102632d3072bd00b1bc6d9a097db417974dca69a5.apk

Resource

android-x64-arm64-20231215-en

flubot banker evasion infostealer stealth trojan

android-11-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  97206706b5aa31cebb8ac30102632d3072bd00b1bc6d9a097db417974dca69a5
- Size
  
  4.5MB
- MD5
  
  f9a79cb761afbb4315840408e14c5a6b
- SHA1
  
  f5e6549a76e9713f961fa9c7855b9cc9ffc5cf0a
- SHA256
  
  97206706b5aa31cebb8ac30102632d3072bd00b1bc6d9a097db417974dca69a5
- SHA512
  
  d9b92df7f9ae8c4d8f36c93f454c4df84b609aab94910bca73fdff7db673fbec2490ab38adb634c9006c7690c6064bf0c4edd4acf236add6f93d9f7fa99e9f7d
- SSDEEP
  
  98304:6ybtPX2a3eE3ldgwnvK6t9bVCNJd1IWTryoa:NbrOE3lqwnvKu9bVC3zIOm
Score

10^/10

flubot banker infostealer stealth trojan evasion
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

flubotbankerinfostealerstealthtrojan

behavioral3

flubotbankerevasioninfostealerstealthtrojan

© 2018-2024

Terms | Privacy