flubot | dcfe4d8c0265186f24f56cb774f0087cfde3d46fc0d31a7edf7e036a2006513d | Triage

Submit
Reports

Overview

overview

Static

static

6

305c6ef783...d6.apk

android-9-x86

305c6ef783...d6.apk

android-10-x64

305c6ef783...d6.apk

android-11-x64

Sharing

General

Target

305c6ef783ba3db66c8b3262d0ad26d6
Size

3.3MB
Sample

231231-k57jdaaeb8
MD5

305c6ef783ba3db66c8b3262d0ad26d6
SHA1

efd066effa3bfea6c04521a1b32c417f9d19ed34
SHA256

dcfe4d8c0265186f24f56cb774f0087cfde3d46fc0d31a7edf7e036a2006513d
SHA512

b625d6838cd10bb75cf4e25e97e98c3bbbbdf51c020a085ba140dd036994c1f6661efab53b4dbfd42e77f52eee11200537e8f87b851509640ac09886792e5a03
SSDEEP

49152:q77+QbVwYD57Qyr5nsqNz+yBcvPDCkUHXCKgNwVQX3pUyN7AYpDMaSwXZ4coH:qX+AD57QyrKZOcDrjGVzyZAWRS+Zm

Score

10^/10

flubot android banker discovery evasion infostealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

305c6ef783ba3db66c8b3262d0ad26d6.apk

Resource

android-x86-arm-20231215-en

flubot banker discovery evasion infostealer trojan

android-9-x86

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

305c6ef783ba3db66c8b3262d0ad26d6.apk

Resource

android-x64-20231215-en

flubot banker discovery infostealer trojan

android-10-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

305c6ef783ba3db66c8b3262d0ad26d6.apk

Resource

android-x64-arm64-20231215-en

flubot banker discovery evasion infostealer trojan

android-11-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  305c6ef783ba3db66c8b3262d0ad26d6
- Size
  
  3.3MB
- MD5
  
  305c6ef783ba3db66c8b3262d0ad26d6
- SHA1
  
  efd066effa3bfea6c04521a1b32c417f9d19ed34
- SHA256
  
  dcfe4d8c0265186f24f56cb774f0087cfde3d46fc0d31a7edf7e036a2006513d
- SHA512
  
  b625d6838cd10bb75cf4e25e97e98c3bbbbdf51c020a085ba140dd036994c1f6661efab53b4dbfd42e77f52eee11200537e8f87b851509640ac09886792e5a03
- SSDEEP
  
  49152:q77+QbVwYD57Qyr5nsqNz+yBcvPDCkUHXCKgNwVQX3pUyN7AYpDMaSwXZ4coH:qX+AD57QyrKZOcDrjGVzyZAWRS+Zm
Score

10^/10

flubot banker discovery evasion infostealer trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

flubotbankerdiscoveryevasioninfostealertrojan

behavioral2

flubotbankerdiscoveryinfostealertrojan

behavioral3

flubotbankerdiscoveryevasioninfostealertrojan

© 2018-2024

Terms | Privacy