General

  • Target

    3865302b66b0efee4ab31130cefdeff55c2e269c7d6dd03c0673134f98254185.bin

  • Size

    3.4MB

  • Sample

    240902-1xqtnaybjq

  • MD5

    83c3142eeb1fc5a3d88807c0c738c543

  • SHA1

    f0e99360e5c78ed7b8b3d08abc58aaebc9daf4c8

  • SHA256

    3865302b66b0efee4ab31130cefdeff55c2e269c7d6dd03c0673134f98254185

  • SHA512

    94741012e99c9685cdf7354117074f40e1f3ac4f60f934279745ceb5146eccf31701a44b23d728ad3d9c52a95af6a00dbd5bc1366bc7fb9fa2a0127b27926bdd

  • SSDEEP

    98304:dKi5SaYvkjZRFJjAC7mc7KAndX42bIeIJ7l:tS6j7FJdx7lnh4kIDx

Targets

    • FluBot

      FluBot is an Android banking trojan that uses overlays.

    • FluBot payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network
