flubot | 5b62a449bdeff05e4bf7b6e42870ed4ad8d3f9a6cef66267b05295d8937e0b10 | Triage

Submit
Reports

Overview

overview

Static

static

6

452cc39649...18.apk

android-9-x86

452cc39649...18.apk

android-10-x64

452cc39649...18.apk

android-11-x64

Sharing

General

Target

452cc39649bfdfdd81de938f2ce93481_JaffaCakes118
Size

4.6MB
Sample

240330-1rdxxaga83
MD5

452cc39649bfdfdd81de938f2ce93481
SHA1

b499554198e09fd171bbdd8d1cd3a0711c2a6bbd
SHA256

5b62a449bdeff05e4bf7b6e42870ed4ad8d3f9a6cef66267b05295d8937e0b10
SHA512

1750ae273a2c3b0000a2371e42c9fd3299f667c55d3fa6cf27c0b5154b498a65ed07ae3075dd645f34ca148777e9bea2dd95d936973fce4ca943a4aad999fe1e
SSDEEP

98304:hoNuiDQ9wfSVdDp6gDkTjhJfB5oxlAuEk0Olk0msIQpfYgQ+Q67D2w:hKr4pVZp6PjbfskXX+fPQd67/

Score

10^/10

flubot android banker collection discovery evasion infostealer persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

452cc39649bfdfdd81de938f2ce93481_JaffaCakes118.apk

Resource

android-x86-arm-20240221-en

flubot banker collection discovery evasion infostealer persistence trojan

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

452cc39649bfdfdd81de938f2ce93481_JaffaCakes118.apk

Resource

android-x64-20240221-en

flubot banker collection discovery evasion infostealer persistence trojan

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

452cc39649bfdfdd81de938f2ce93481_JaffaCakes118.apk

Resource

android-x64-arm64-20240221-en

flubot banker collection discovery evasion infostealer persistence trojan

android-11-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  452cc39649bfdfdd81de938f2ce93481_JaffaCakes118
- Size
  
  4.6MB
- MD5
  
  452cc39649bfdfdd81de938f2ce93481
- SHA1
  
  b499554198e09fd171bbdd8d1cd3a0711c2a6bbd
- SHA256
  
  5b62a449bdeff05e4bf7b6e42870ed4ad8d3f9a6cef66267b05295d8937e0b10
- SHA512
  
  1750ae273a2c3b0000a2371e42c9fd3299f667c55d3fa6cf27c0b5154b498a65ed07ae3075dd645f34ca148777e9bea2dd95d936973fce4ca943a4aad999fe1e
- SSDEEP
  
  98304:hoNuiDQ9wfSVdDp6gDkTjhJfB5oxlAuEk0Olk0msIQpfYgQ+Q67D2w:hKr4pVZp6PjbfskXX+fPQd67/
Score

10^/10

flubot banker collection discovery evasion infostealer persistence trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

flubotbankercollectiondiscoveryevasioninfostealerpersistencetrojan

behavioral2

flubotbankercollectiondiscoveryevasioninfostealerpersistencetrojan

behavioral3

flubotbankercollectiondiscoveryevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy