flubot

General

Target

123e0094cc60a8054ace5e354f134462ee9e0e19f9f3a541118e5959ee24148d.zip
Size

4.1MB
Sample

250325-h9b7xssxgx
MD5

8209cfe5b5a7290fdbaff6084a9a5be8
SHA1

ef26503bc0e958bc6690f7424b39a2fdbfa2d98c
SHA256

123e0094cc60a8054ace5e354f134462ee9e0e19f9f3a541118e5959ee24148d
SHA512

59f8a719dd5ca2bd0606f0a6cc66bd15e50de53b9b6290a73e1cb64f73d38d252b796e45de32f7b1871d5403eee70b08e94dbd93a5a1d5f59c0c29753900b90f
SSDEEP

98304:8TZAzA1UU8QaucMqrQwBW210ib379X8N3cB+A67bi:gsA6maucZNBW4HlM3sd

Score

10^/10

Malware Config

Targets

- Target
  
  607ceb008d54328c885339fc2d793286834e887b2a328129455343bb8867698b.apk
- Size
  
  4.3MB
- MD5
  
  a45dc99d0d146524d608691f86d00d63
- SHA1
  
  563551eeb18bd5c2889d3ce98462912148189d0f
- SHA256
  
  607ceb008d54328c885339fc2d793286834e887b2a328129455343bb8867698b
- SHA512
  
  a6e6cb676e89c581f2343cf7e3bb2dc1744e8038a063bc5cf17d3ab53df3a1e3dd6b0c8edab58982ee48518be0d488a47454b639a0a6a67be1d1cd1609d0a2b6
- SSDEEP
  
  98304:r/KW9aS2qftu6uCFY/9RhP3ueI6EQGTgKnOHTlUETyh5JJ:r/zjiY49RR3DJRKOzGEA5r
Score

10^/10

flubot banker collection credential_access defense_evasion discovery evasion impact infostealer persistence trojan
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Flubot family
  flubot
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3