flubot | 76190371f81113c07f2a176f26e61bea82f8f55debe2915c577f4ebe1b22f252 | Triage

Submit
Reports

Overview

overview

Static

static

6

76190371f8...52.apk

android-9-x86

76190371f8...52.apk

android-10-x64

76190371f8...52.apk

android-11-x64

Sharing

General

Target

76190371f81113c07f2a176f26e61bea82f8f55debe2915c577f4ebe1b22f252
Size

6.8MB
Sample

231223-x1xvlagfa9
MD5

7a9a3c3c37885357227fb211984bbd40
SHA1

8046275ad75ef2bdbf1f21f6c64d36563d5b06f4
SHA256

76190371f81113c07f2a176f26e61bea82f8f55debe2915c577f4ebe1b22f252
SHA512

f854d84d80bed707e9252700cfc8dfdd53132a7a9e1db0a64fafc3b01568a7970e1d73c3a23f169a76ed709aef7b58988c2dff86281fbe0eb535bb7becdf9499
SSDEEP

98304:tRrQM+PuN/1PP1DD1P7meIS64D4YC6zo4g9ZCi74Oit3Qqv5x7vnKEZ:j+WN/19DMem04Z4Tr3Qw5dnKEZ

Score

10^/10

flubot android banker discovery infostealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

76190371f81113c07f2a176f26e61bea82f8f55debe2915c577f4ebe1b22f252.apk

Resource

android-x86-arm-20231215-en

flubot banker discovery infostealer trojan

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

76190371f81113c07f2a176f26e61bea82f8f55debe2915c577f4ebe1b22f252.apk

Resource

android-x64-20231215-en

flubot banker discovery infostealer trojan

android-10-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

76190371f81113c07f2a176f26e61bea82f8f55debe2915c577f4ebe1b22f252.apk

Resource

android-x64-arm64-20231215-en

flubot banker discovery infostealer trojan

android-11-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  76190371f81113c07f2a176f26e61bea82f8f55debe2915c577f4ebe1b22f252
- Size
  
  6.8MB
- MD5
  
  7a9a3c3c37885357227fb211984bbd40
- SHA1
  
  8046275ad75ef2bdbf1f21f6c64d36563d5b06f4
- SHA256
  
  76190371f81113c07f2a176f26e61bea82f8f55debe2915c577f4ebe1b22f252
- SHA512
  
  f854d84d80bed707e9252700cfc8dfdd53132a7a9e1db0a64fafc3b01568a7970e1d73c3a23f169a76ed709aef7b58988c2dff86281fbe0eb535bb7becdf9499
- SSDEEP
  
  98304:tRrQM+PuN/1PP1DD1P7meIS64D4YC6zo4g9ZCi74Oit3Qqv5x7vnKEZ:j+WN/19DMem04Z4Tr3Qw5dnKEZ
Score

10^/10

flubot banker discovery infostealer trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flubotbankerdiscoveryinfostealertrojan

behavioral2

flubotbankerdiscoveryinfostealertrojan

behavioral3

flubotbankerdiscoveryinfostealertrojan

© 2018-2024

Terms | Privacy