flubot | 50d960ee19dada536fca4afa9602d29123a1e866b6d86ddfffb37e0104f5ff1e | Triage

Sharing

General

Target

50d960ee19dada536fca4afa9602d29123a1e866b6d86ddfffb37e0104f5ff1e.zip
Size

4.6MB
Sample

250326-akjayavthw
MD5

eb5b55b416666e211e9563f251e2e7e1
SHA1

419095b2d314bf23c85ddf09698f675ea343c2ca
SHA256

50d960ee19dada536fca4afa9602d29123a1e866b6d86ddfffb37e0104f5ff1e
SHA512

7dc5fab9294cbd6053f4cb1e87d15fe553270424a12698914a1ecd38cfb8dada22bb78d9ceb3f8cc2067917b259e970e94cfd48b120313f70a8578aad61d92d0
SSDEEP

98304:b35LHi4ZE6ciHiK1RfyT7nO3vQGZRp1iaXO78xi+gBFgUVxvdC6+wTs9XRmJJ09q:b35WCF5HiOy3naQGJ1iafxidHl9XTsHQ

Score

10^/10

flubot android banker collection credential_access defense_evasion discovery evasion impact infostealer persistence trojan

Malware Config

Targets

- Target
  
  831334e1e49ec7a25375562688543ee75b2b3cc7352afc019856342def52476b.apk
- Size
  
  4.8MB
- MD5
  
  c10d38a63e776e5940d281bddbb497d4
- SHA1
  
  ac0561ee9acc38c138409d03a24bdd992a5b1d96
- SHA256
  
  831334e1e49ec7a25375562688543ee75b2b3cc7352afc019856342def52476b
- SHA512
  
  a9ddd9f1f370c0a15fc4f777ccd1bad8e2c3c6ad1236561fe8dc8e44690498e095fe86b755af68d43c14dc9a85cd0f9bbda452463e7dcad1e4bcdb2901ce3da5
- SSDEEP
  
  98304:5qBTEbLg6IcV1bVGgecr2uoyoqxQ7jjrXJ7dGK4z11GafG63W3KL:5BGcV1bVbjCuoyoqxIxGKk1QafN3BL
Score

10^/10

flubot banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan impact
- FluBot
  FluBot is an android banking trojan that uses overlays.
  banker trojan infostealer flubot
- FluBot payload
- Flubot family
  flubot
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

flubotbankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

behavioral2

flubotbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencetrojan

behavioral3

flubotbankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan