flubot | 5b62a449bdeff05e4bf7b6e42870ed4ad8d3f9a6cef66267b05295d8937e0b10 | Triage

Sharing

General

Target

JaffaCakes118_452cc39649bfdfdd81de938f2ce93481
Size

4.6MB
Sample

250101-dr5djavnhq
MD5

452cc39649bfdfdd81de938f2ce93481
SHA1

b499554198e09fd171bbdd8d1cd3a0711c2a6bbd
SHA256

5b62a449bdeff05e4bf7b6e42870ed4ad8d3f9a6cef66267b05295d8937e0b10
SHA512

1750ae273a2c3b0000a2371e42c9fd3299f667c55d3fa6cf27c0b5154b498a65ed07ae3075dd645f34ca148777e9bea2dd95d936973fce4ca943a4aad999fe1e
SSDEEP

98304:hoNuiDQ9wfSVdDp6gDkTjhJfB5oxlAuEk0Olk0msIQpfYgQ+Q67D2w:hKr4pVZp6PjbfskXX+fPQd67/

Score

10^/10

flubot android banker collection credential_access discovery evasion impact infostealer persistence trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_452cc39649bfdfdd81de938f2ce93481
- Size
  
  4.6MB
- MD5
  
  452cc39649bfdfdd81de938f2ce93481
- SHA1
  
  b499554198e09fd171bbdd8d1cd3a0711c2a6bbd
- SHA256
  
  5b62a449bdeff05e4bf7b6e42870ed4ad8d3f9a6cef66267b05295d8937e0b10
- SHA512
  
  1750ae273a2c3b0000a2371e42c9fd3299f667c55d3fa6cf27c0b5154b498a65ed07ae3075dd645f34ca148777e9bea2dd95d936973fce4ca943a4aad999fe1e
- SSDEEP
  
  98304:hoNuiDQ9wfSVdDp6gDkTjhJfB5oxlAuEk0Olk0msIQpfYgQ+Q67D2w:hKr4pVZp6PjbfskXX+fPQd67/
Score

10^/10

flubot banker collection credential_access discovery evasion impact infostealer persistence trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Flubot family
  flubot
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

flubotbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

behavioral2

flubotbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

behavioral3

flubotbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan