flubot | 642b7176d21b6769cf5bf0ddee83fda9ef4a067299f3491109395b4393979872 | Triage

Submit
Reports

Overview

overview

Static

static

6

bbb9e3bbe1...f2.apk

bbb9e3bbe1...f2.apk

android-10-x64

bbb9e3bbe1...f2.apk

android-11-x64

Sharing

General

Target

bbb9e3bbe18753b697a7bf6d45d1fcf2
Size

3.3MB
Sample

231222-rj8ymsahf2
MD5

bbb9e3bbe18753b697a7bf6d45d1fcf2
SHA1

970ef4b5379e0431bf848fddf8ec8c54b2b59330
SHA256

642b7176d21b6769cf5bf0ddee83fda9ef4a067299f3491109395b4393979872
SHA512

6ffb2cf92e054b3dbdcce77c77ddb0c097c9eeb1702e5d87c894ee7f9338c04bd09517fa2b3b9f86d5c039edf60c459cd3ec8ff634c0d04cf445cebff45ebd14
SSDEEP

98304:ErqGt3ZuI7y690JAD/oD4OrzT6/LTdCHOU:E+GfuI7y2oDVn

Score

10^/10

flubot android banker discovery infostealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

bbb9e3bbe18753b697a7bf6d45d1fcf2.apk

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

bbb9e3bbe18753b697a7bf6d45d1fcf2.apk

Resource

android-x64-20231215-en

flubot banker discovery infostealer trojan

android-10-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

bbb9e3bbe18753b697a7bf6d45d1fcf2.apk

Resource

android-x64-arm64-20231215-en

flubot banker discovery infostealer trojan

android-11-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  bbb9e3bbe18753b697a7bf6d45d1fcf2
- Size
  
  3.3MB
- MD5
  
  bbb9e3bbe18753b697a7bf6d45d1fcf2
- SHA1
  
  970ef4b5379e0431bf848fddf8ec8c54b2b59330
- SHA256
  
  642b7176d21b6769cf5bf0ddee83fda9ef4a067299f3491109395b4393979872
- SHA512
  
  6ffb2cf92e054b3dbdcce77c77ddb0c097c9eeb1702e5d87c894ee7f9338c04bd09517fa2b3b9f86d5c039edf60c459cd3ec8ff634c0d04cf445cebff45ebd14
- SSDEEP
  
  98304:ErqGt3ZuI7y690JAD/oD4OrzT6/LTdCHOU:E+GfuI7y2oDVn
Score

10^/10

flubot banker discovery infostealer trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

flubotbankerdiscoveryinfostealertrojan

behavioral3

flubotbankerdiscoveryinfostealertrojan

© 2018-2024

Terms | Privacy