flubot | b421cc0f878b4ed4a2e535d1e9d9e6ffd3c6b822b55e701bc137c2360fd5e7ee | Triage

Sharing

General

Target

b421cc0f878b4ed4a2e535d1e9d9e6ffd3c6b822b55e701bc137c2360fd5e7ee.bin
Size

3.2MB
Sample

240804-12cslasaqb
MD5

3bb9ad5acdbe20df21068ad42801c30d
SHA1

20a654d79cc6e5a6209f001601288b2209f54082
SHA256

b421cc0f878b4ed4a2e535d1e9d9e6ffd3c6b822b55e701bc137c2360fd5e7ee
SHA512

637535aa3034a425c40b3ef428ff51e3bd360e7a4317716887cc19e0755930ad22836dd8b7dc0fbfca977dce58342571ee15c1df8397c00e9bfcc24d9e502e6e
SSDEEP

49152:uYzaaObrX+7P0Fv7f0r9oj/tOLW93L2WhOhzOGNwNUWAvNDT66NnlqIbXob3GoO:uPbrO7P0FgGjEO3QyJNUxV1DqAVoO

Score

10^/10

flubot android banker collection credential_access discovery evasion impact infostealer persistence trojan

Malware Config

Targets

- Target
  
  b421cc0f878b4ed4a2e535d1e9d9e6ffd3c6b822b55e701bc137c2360fd5e7ee.bin
- Size
  
  3.2MB
- MD5
  
  3bb9ad5acdbe20df21068ad42801c30d
- SHA1
  
  20a654d79cc6e5a6209f001601288b2209f54082
- SHA256
  
  b421cc0f878b4ed4a2e535d1e9d9e6ffd3c6b822b55e701bc137c2360fd5e7ee
- SHA512
  
  637535aa3034a425c40b3ef428ff51e3bd360e7a4317716887cc19e0755930ad22836dd8b7dc0fbfca977dce58342571ee15c1df8397c00e9bfcc24d9e502e6e
- SSDEEP
  
  49152:uYzaaObrX+7P0Fv7f0r9oj/tOLW93L2WhOhzOGNwNUWAvNDT66NnlqIbXob3GoO:uPbrO7P0FgGjEO3QyJNUxV1DqAVoO
Score

10^/10

flubot banker collection credential_access discovery evasion infostealer persistence trojan impact
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

flubotbankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral2

flubotbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

behavioral3

flubotbankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan