flubot | 552e18f143538a170bbc5923fefdb94949f7f116c5866ef267550c943c2b61d5 | Triage

Submit
Reports

Overview

overview

Static

static

6

6d356a0419...c4.apk

6d356a0419...c4.apk

android-10-x64

6d356a0419...c4.apk

android-11-x64

Sharing

General

Target

6d356a04197b3138d3669c6b42f14ac4
Size

3.3MB
Sample

231222-fpdtxagbhk
MD5

6d356a04197b3138d3669c6b42f14ac4
SHA1

388a24d091287e75840b3d3c0575ec5055767a53
SHA256

552e18f143538a170bbc5923fefdb94949f7f116c5866ef267550c943c2b61d5
SHA512

921dd4bdd15521367195f1342105ee8b99cf623d324abd66b7f7bed2a453f880f8c74dcf83193415f77899a7c61eb8ed07197fba8a5490c04d8dd1146896515a
SSDEEP

98304:PylGt3ZuI7y690JAD/oD40RBx6/LTdCH03:PSGfuI7y2oD9C

Score

10^/10

flubot android banker discovery infostealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6d356a04197b3138d3669c6b42f14ac4.apk

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

6d356a04197b3138d3669c6b42f14ac4.apk

Resource

android-x64-20231215-en

flubot banker discovery infostealer trojan

android-10-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

6d356a04197b3138d3669c6b42f14ac4.apk

Resource

android-x64-arm64-20231215-en

flubot banker discovery infostealer trojan

android-11-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  6d356a04197b3138d3669c6b42f14ac4
- Size
  
  3.3MB
- MD5
  
  6d356a04197b3138d3669c6b42f14ac4
- SHA1
  
  388a24d091287e75840b3d3c0575ec5055767a53
- SHA256
  
  552e18f143538a170bbc5923fefdb94949f7f116c5866ef267550c943c2b61d5
- SHA512
  
  921dd4bdd15521367195f1342105ee8b99cf623d324abd66b7f7bed2a453f880f8c74dcf83193415f77899a7c61eb8ed07197fba8a5490c04d8dd1146896515a
- SSDEEP
  
  98304:PylGt3ZuI7y690JAD/oD40RBx6/LTdCH03:PSGfuI7y2oD9C
Score

10^/10

flubot banker discovery infostealer trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

flubotbankerdiscoveryinfostealertrojan

behavioral3

flubotbankerdiscoveryinfostealertrojan

© 2018-2024

Terms | Privacy