flubot | 4da397dcda35bd469b3af3c0f49ef7a2a4e19e3338f2b557560384d174b197fa | Triage

Submit
Reports

Overview

overview

Static

static

6

4da397dcda...fa.apk

android-9-x86

4da397dcda...fa.apk

android-10-x64

4da397dcda...fa.apk

android-11-x64

Sharing

General

Target

4da397dcda35bd469b3af3c0f49ef7a2a4e19e3338f2b557560384d174b197fa
Size

6.7MB
Sample

231223-t6321shfej
MD5

528e717abda498c72a11370631410cad
SHA1

3a41286bdc3becf2f6eb6403c71ff4cce5dd6b0d
SHA256

4da397dcda35bd469b3af3c0f49ef7a2a4e19e3338f2b557560384d174b197fa
SHA512

0e054e89e39fa004580575002f6df4e484cc69bf5be6eabb968acd9d854ce34e77e3fb1aa47ef6c314885667d0419ac8c656af0bee5f64dd3872be8062a14e24
SSDEEP

196608:POeipkzfuE7GiqwZy9c9UlaxsXfZmV91g2ZbJolK0xxBk:meh7upiBZy90Ul/RmauolxxTk

Score

10^/10

flubot android banker discovery infostealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4da397dcda35bd469b3af3c0f49ef7a2a4e19e3338f2b557560384d174b197fa.apk

Resource

android-x86-arm-20231215-en

flubot banker discovery infostealer trojan

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

4da397dcda35bd469b3af3c0f49ef7a2a4e19e3338f2b557560384d174b197fa.apk

Resource

android-x64-20231215-en

flubot banker discovery infostealer trojan

android-10-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

4da397dcda35bd469b3af3c0f49ef7a2a4e19e3338f2b557560384d174b197fa.apk

Resource

android-x64-arm64-20231215-en

flubot banker discovery infostealer trojan

android-11-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  4da397dcda35bd469b3af3c0f49ef7a2a4e19e3338f2b557560384d174b197fa
- Size
  
  6.7MB
- MD5
  
  528e717abda498c72a11370631410cad
- SHA1
  
  3a41286bdc3becf2f6eb6403c71ff4cce5dd6b0d
- SHA256
  
  4da397dcda35bd469b3af3c0f49ef7a2a4e19e3338f2b557560384d174b197fa
- SHA512
  
  0e054e89e39fa004580575002f6df4e484cc69bf5be6eabb968acd9d854ce34e77e3fb1aa47ef6c314885667d0419ac8c656af0bee5f64dd3872be8062a14e24
- SSDEEP
  
  196608:POeipkzfuE7GiqwZy9c9UlaxsXfZmV91g2ZbJolK0xxBk:meh7upiBZy90Ul/RmauolxxTk
Score

10^/10

flubot banker discovery infostealer trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flubotbankerdiscoveryinfostealertrojan

behavioral2

flubotbankerdiscoveryinfostealertrojan

behavioral3

flubotbankerdiscoveryinfostealertrojan

© 2018-2024

Terms | Privacy