flubot | 4378c93a35083c348931837ef6be518e7c93642b1a5d2fa140115e6998db8c9e | Triage

Sharing

General

Target

4378c93a35083c348931837ef6be518e7c93642b1a5d2fa140115e6998db8c9e.bin
Size

4.1MB
Sample

240826-12jwxaxgqd
MD5

02f8b54203644f951c8c4b5827708949
SHA1

3a431dd74ca00c4c894ede7dbfb880b1d62cbbd7
SHA256

4378c93a35083c348931837ef6be518e7c93642b1a5d2fa140115e6998db8c9e
SHA512

fe1bbdf68ee485e0d010075d2aeda51e298cc29064604905eb47e6fa2120b85504b1fc2e60282f93fcbebc6e38b85c5c231e4e0a1eb07b57112a1a2531a78d23
SSDEEP

98304:wPtaEnsjva/3TefTpBd2pMSDBHG3SZ4/iKGJn2hE:wcLyvI2fGCTKgn2W

Score

10^/10

flubot android banker collection credential_access discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  4378c93a35083c348931837ef6be518e7c93642b1a5d2fa140115e6998db8c9e.bin
- Size
  
  4.1MB
- MD5
  
  02f8b54203644f951c8c4b5827708949
- SHA1
  
  3a431dd74ca00c4c894ede7dbfb880b1d62cbbd7
- SHA256
  
  4378c93a35083c348931837ef6be518e7c93642b1a5d2fa140115e6998db8c9e
- SHA512
  
  fe1bbdf68ee485e0d010075d2aeda51e298cc29064604905eb47e6fa2120b85504b1fc2e60282f93fcbebc6e38b85c5c231e4e0a1eb07b57112a1a2531a78d23
- SSDEEP
  
  98304:wPtaEnsjva/3TefTpBd2pMSDBHG3SZ4/iKGJn2hE:wcLyvI2fGCTKgn2W
Score

10^/10

flubot banker collection credential_access discovery evasion infostealer persistence trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

flubotbankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral2

behavioral3

flubotbankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan