flubot | 26ecde3eb64a832305b3ba0599dd54d800ca58b7c5768d22543acf495347973c | Triage

Submit
Reports

Overview

overview

Static

static

6

5cd1368606...3d.apk

android-9-x86

5cd1368606...3d.apk

android-10-x64

5cd1368606...3d.apk

android-11-x64

Sharing

General

Target

5cd1368606221b93e71740f17dc32e3d
Size

3.3MB
Sample

240115-l88raaehc9
MD5

5cd1368606221b93e71740f17dc32e3d
SHA1

ea73def168df818f7271e24c694ad76704727881
SHA256

26ecde3eb64a832305b3ba0599dd54d800ca58b7c5768d22543acf495347973c
SHA512

19c74066891810a1227c79ebf907fa50d2ddf393160306c44768b81de44adef395e11a9076bb4b86d75f3fc46d0b7a2c122cfe33ba22951622979477edb07c4c
SSDEEP

98304:5ELGt3ZuI7y690JAD/oD4SHXf6/LTdCHKX:5eGfuI7y2oDt4

Score

10^/10

flubot android banker discovery infostealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5cd1368606221b93e71740f17dc32e3d.apk

Resource

android-x86-arm-20231215-en

flubot banker discovery infostealer trojan

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

5cd1368606221b93e71740f17dc32e3d.apk

Resource

android-x64-20231215-en

flubot banker discovery infostealer trojan

android-10-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

5cd1368606221b93e71740f17dc32e3d.apk

Resource

android-x64-arm64-20231215-en

flubot banker discovery infostealer trojan

android-11-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  5cd1368606221b93e71740f17dc32e3d
- Size
  
  3.3MB
- MD5
  
  5cd1368606221b93e71740f17dc32e3d
- SHA1
  
  ea73def168df818f7271e24c694ad76704727881
- SHA256
  
  26ecde3eb64a832305b3ba0599dd54d800ca58b7c5768d22543acf495347973c
- SHA512
  
  19c74066891810a1227c79ebf907fa50d2ddf393160306c44768b81de44adef395e11a9076bb4b86d75f3fc46d0b7a2c122cfe33ba22951622979477edb07c4c
- SSDEEP
  
  98304:5ELGt3ZuI7y690JAD/oD4SHXf6/LTdCHKX:5eGfuI7y2oDt4
Score

10^/10

flubot banker discovery infostealer trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

flubotbankerdiscoveryinfostealertrojan

behavioral2

flubotbankerdiscoveryinfostealertrojan

behavioral3

flubotbankerdiscoveryinfostealertrojan

© 2018-2024

Terms | Privacy