flubot | a3953a902ba6dd604f6da33c0dfb88fd504dfbc8e1d0bb23ba6ee9f77190b567 | Triage

Submit
Reports

Overview

overview

Static

static

6

b2ecb71197...47.apk

android-9-x86

b2ecb71197...47.apk

android-10-x64

b2ecb71197...47.apk

android-11-x64

Sharing

General

Target

b2ecb711979b80d5b528aa07c3f21b47
Size

3.1MB
Sample

240304-x7d13abh87
MD5

b2ecb711979b80d5b528aa07c3f21b47
SHA1

1247f20610a9ebe95d6b461faa7746d487bec905
SHA256

a3953a902ba6dd604f6da33c0dfb88fd504dfbc8e1d0bb23ba6ee9f77190b567
SHA512

2a2b050b0a0e91f9db77900963a91a0918e367980fa4515b1cadfd3a58fa4c168fa9455f41e44a26e266cdc83c2cfb1d88003d7d4a1efdc4af9d3fb7b43d858e
SSDEEP

49152:YjjZ2WjsJTBVAnZ7Yc0UavlSLz+Cq1z6SYsQ97MqK62WhOhzOYNw34mRyFc1KEOL:YjpyQZU5Sex68QLK/yP3PcQ/O0A78Gl

Score

10^/10

flubot android banker collection discovery evasion infostealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b2ecb711979b80d5b528aa07c3f21b47.apk

Resource

android-x86-arm-20240221-en

flubot banker collection discovery evasion infostealer trojan

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

b2ecb711979b80d5b528aa07c3f21b47.apk

Resource

android-x64-20240221-en

flubot banker collection discovery evasion infostealer trojan

android-10-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

b2ecb711979b80d5b528aa07c3f21b47.apk

Resource

android-x64-arm64-20240221-en

flubot banker collection discovery evasion infostealer trojan

android-11-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  b2ecb711979b80d5b528aa07c3f21b47
- Size
  
  3.1MB
- MD5
  
  b2ecb711979b80d5b528aa07c3f21b47
- SHA1
  
  1247f20610a9ebe95d6b461faa7746d487bec905
- SHA256
  
  a3953a902ba6dd604f6da33c0dfb88fd504dfbc8e1d0bb23ba6ee9f77190b567
- SHA512
  
  2a2b050b0a0e91f9db77900963a91a0918e367980fa4515b1cadfd3a58fa4c168fa9455f41e44a26e266cdc83c2cfb1d88003d7d4a1efdc4af9d3fb7b43d858e
- SSDEEP
  
  49152:YjjZ2WjsJTBVAnZ7Yc0UavlSLz+Cq1z6SYsQ97MqK62WhOhzOYNw34mRyFc1KEOL:YjpyQZU5Sex68QLK/yP3PcQ/O0A78Gl
Score

10^/10

flubot banker collection discovery evasion infostealer trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

flubotbankercollectiondiscoveryevasioninfostealertrojan

behavioral2

flubotbankercollectiondiscoveryevasioninfostealertrojan

behavioral3

flubotbankercollectiondiscoveryevasioninfostealertrojan

© 2018-2024

Terms | Privacy