flubot | 3865302b66b0efee4ab31130cefdeff55c2e269c7d6dd03c0673134f98254185 | Triage

Sharing

General

Target

3865302b66b0efee4ab31130cefdeff55c2e269c7d6dd03c0673134f98254185.bin
Size

3.4MB
Sample

240902-1xqtnaybjq
MD5

83c3142eeb1fc5a3d88807c0c738c543
SHA1

f0e99360e5c78ed7b8b3d08abc58aaebc9daf4c8
SHA256

3865302b66b0efee4ab31130cefdeff55c2e269c7d6dd03c0673134f98254185
SHA512

94741012e99c9685cdf7354117074f40e1f3ac4f60f934279745ceb5146eccf31701a44b23d728ad3d9c52a95af6a00dbd5bc1366bc7fb9fa2a0127b27926bdd
SSDEEP

98304:dKi5SaYvkjZRFJjAC7mc7KAndX42bIeIJ7l:tS6j7FJdx7lnh4kIDx

Score

10^/10

flubot android banker collection credential_access discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  3865302b66b0efee4ab31130cefdeff55c2e269c7d6dd03c0673134f98254185.bin
- Size
  
  3.4MB
- MD5
  
  83c3142eeb1fc5a3d88807c0c738c543
- SHA1
  
  f0e99360e5c78ed7b8b3d08abc58aaebc9daf4c8
- SHA256
  
  3865302b66b0efee4ab31130cefdeff55c2e269c7d6dd03c0673134f98254185
- SHA512
  
  94741012e99c9685cdf7354117074f40e1f3ac4f60f934279745ceb5146eccf31701a44b23d728ad3d9c52a95af6a00dbd5bc1366bc7fb9fa2a0127b27926bdd
- SSDEEP
  
  98304:dKi5SaYvkjZRFJjAC7mc7KAndX42bIeIJ7l:tS6j7FJdx7lnh4kIDx
Score

10^/10

flubot banker collection credential_access discovery evasion infostealer persistence trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

flubotbankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral2

flubotbankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral3

flubotbankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan