flubot | 25b41f00a0a402e18f75883bd2d7df432b51073eb21fda5383804e55c0ae271a | Triage

Submit
Reports

Overview

overview

Static

static

6

bdc9e00b8a...ec.apk

bdc9e00b8a...ec.apk

android-10-x64

bdc9e00b8a...ec.apk

android-11-x64

Sharing

General

Target

bdc9e00b8add78d653fa930d6db418ec
Size

3.3MB
Sample

231222-rma6sabdh4
MD5

bdc9e00b8add78d653fa930d6db418ec
SHA1

b79ee813415ba6a1720db77ad5d94344496d40ce
SHA256

25b41f00a0a402e18f75883bd2d7df432b51073eb21fda5383804e55c0ae271a
SHA512

974bb94ea2597f6117360463f0341d3ec0474776edddcf6a2b32798e25529d2e9525c5d7edcb6f6eb8ae931ec488f73c569d345d009ea73d6180ae9a970cbe58
SSDEEP

98304:gzqGt3ZuI7y690JAD/oD42zXb6/LTdCHy4:gGGfuI7y2oDtn

Score

10^/10

flubot android banker discovery infostealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

bdc9e00b8add78d653fa930d6db418ec.apk

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

bdc9e00b8add78d653fa930d6db418ec.apk

Resource

android-x64-20231215-en

flubot banker discovery infostealer trojan

android-10-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

bdc9e00b8add78d653fa930d6db418ec.apk

Resource

android-x64-arm64-20231215-en

flubot banker discovery infostealer trojan

android-11-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  bdc9e00b8add78d653fa930d6db418ec
- Size
  
  3.3MB
- MD5
  
  bdc9e00b8add78d653fa930d6db418ec
- SHA1
  
  b79ee813415ba6a1720db77ad5d94344496d40ce
- SHA256
  
  25b41f00a0a402e18f75883bd2d7df432b51073eb21fda5383804e55c0ae271a
- SHA512
  
  974bb94ea2597f6117360463f0341d3ec0474776edddcf6a2b32798e25529d2e9525c5d7edcb6f6eb8ae931ec488f73c569d345d009ea73d6180ae9a970cbe58
- SSDEEP
  
  98304:gzqGt3ZuI7y690JAD/oD42zXb6/LTdCHy4:gGGfuI7y2oDtn
Score

10^/10

flubot banker discovery infostealer trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

flubotbankerdiscoveryinfostealertrojan

behavioral3

flubotbankerdiscoveryinfostealertrojan

© 2018-2024

Terms | Privacy