flubot

General

Target

b2ecb711979b80d5b528aa07c3f21b47
Size

3.1MB
Sample

240304-x7d13abh87
MD5

b2ecb711979b80d5b528aa07c3f21b47
SHA1

1247f20610a9ebe95d6b461faa7746d487bec905
SHA256

a3953a902ba6dd604f6da33c0dfb88fd504dfbc8e1d0bb23ba6ee9f77190b567
SHA512

2a2b050b0a0e91f9db77900963a91a0918e367980fa4515b1cadfd3a58fa4c168fa9455f41e44a26e266cdc83c2cfb1d88003d7d4a1efdc4af9d3fb7b43d858e
SSDEEP

49152:YjjZ2WjsJTBVAnZ7Yc0UavlSLz+Cq1z6SYsQ97MqK62WhOhzOYNw34mRyFc1KEOL:YjpyQZU5Sex68QLK/yP3PcQ/O0A78Gl

Score

10^/10

Malware Config

Targets

- Target
  
  b2ecb711979b80d5b528aa07c3f21b47
- Size
  
  3.1MB
- MD5
  
  b2ecb711979b80d5b528aa07c3f21b47
- SHA1
  
  1247f20610a9ebe95d6b461faa7746d487bec905
- SHA256
  
  a3953a902ba6dd604f6da33c0dfb88fd504dfbc8e1d0bb23ba6ee9f77190b567
- SHA512
  
  2a2b050b0a0e91f9db77900963a91a0918e367980fa4515b1cadfd3a58fa4c168fa9455f41e44a26e266cdc83c2cfb1d88003d7d4a1efdc4af9d3fb7b43d858e
- SSDEEP
  
  49152:YjjZ2WjsJTBVAnZ7Yc0UavlSLz+Cq1z6SYsQ97MqK62WhOhzOYNw34mRyFc1KEOL:YjpyQZU5Sex68QLK/yP3PcQ/O0A78Gl
Score

10^/10

flubot banker collection discovery evasion infostealer trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

1

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Discovery

Lateral Movement

Collection

Screen Capture

1

T1513

Command and Control

Exfiltration

Impact

Input Injection

1

T1516

Tasks

Sharing

General

Malware Config

Targets

FluBot payload

Creates a large amount of network flows

Makes use of the framework's Accessibility service

Loads dropped Dex/Jar

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3