FluBot - Distribution vectors & Threat network infrastructure
AI Analysis
Technical Summary
FluBot is a well-known Android banking Trojan that primarily targets mobile devices through various distribution vectors, including SMS phishing (smishing), malicious links, and fraudulent applications. The malware is designed to steal sensitive information such as banking credentials, contact lists, SMS messages, and other personal data. FluBot operates by masquerading as legitimate apps or messages to trick users into installing it. Once installed, it gains extensive permissions to intercept SMS messages, overlay fake login screens, and propagate itself by sending infected messages to contacts. The threat network infrastructure supporting FluBot includes command and control (C2) servers that manage the malware's operations, distribute payloads, and receive stolen data. Although the provided information does not specify affected versions or known exploits in the wild, FluBot's persistence and continuous evolution have made it a perpetual threat in the mobile malware landscape. The threat level is indicated as moderate (3 on an unspecified scale), and the overall severity is currently assessed as low, likely due to limited active exploitation or containment measures. No patches are available since this is malware rather than a software vulnerability. The analysis certainty is moderate (50%), reflecting some uncertainty in the intelligence. FluBot's distribution vectors and network infrastructure are critical components enabling its spread and operation, emphasizing the importance of monitoring network activity and payload delivery mechanisms to detect and mitigate infections.
Potential Impact
For European organizations, FluBot poses a significant risk primarily to employees using Android mobile devices, especially those who may be targeted via SMS phishing campaigns. The malware's ability to steal banking credentials and intercept communications can lead to financial fraud, unauthorized access to corporate accounts, and leakage of sensitive contact information. This can result in reputational damage, financial losses, and potential regulatory penalties under GDPR if personal data is compromised. Additionally, the malware's propagation through contact lists can facilitate rapid spread within organizations and their extended networks, increasing the attack surface. The threat is particularly concerning for sectors with high mobile device usage and financial transactions, such as banking, finance, and telecommunications. While the current severity is low, the persistent nature of FluBot and its evolving tactics mean that European organizations must remain vigilant to prevent potential escalations. The lack of patches and the malware's reliance on social engineering make user awareness and network monitoring critical defense components.
Mitigation Recommendations
1. Implement advanced SMS filtering and phishing detection solutions to block malicious messages before they reach end users.
2. Enforce strict mobile device management (MDM) policies that restrict installation of applications from unknown sources and mandate regular security updates.
3. Conduct targeted user awareness training focused on recognizing smishing attempts and the risks of installing unverified apps.
4. Monitor network traffic for unusual patterns indicative of C2 communication or data exfiltration related to FluBot's known behaviors.
5. Deploy endpoint detection and response (EDR) tools capable of identifying and isolating infected devices promptly.
6. Encourage the use of multi-factor authentication (MFA) for accessing corporate and financial accounts to mitigate credential theft impact.
7. Collaborate with mobile carriers and cybersecurity information sharing organizations to stay updated on emerging FluBot variants and infrastructure changes.
8. Regularly audit and review permissions granted to installed applications on corporate devices to detect anomalies.

These measures go beyond generic advice by focusing on mobile-specific controls, network-level detection, and proactive user education tailored to FluBot's distribution and operational methods.
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Finland
Indicators of Compromise
Technical Details
- Threat Level: 3
- Analysis: 0
- Uuid: 7315018a-36ea-47b4-b3e6-3c68b58788bf
- Original Timestamp: 1745452996
hash77119c857688ef57278a7dae997902f6 | — | |
hash5e2974718f4f9924b387a190d98860b078d578cd | — | |
hash66aea98fba52ca12dd4ab2d0c59cfba91be4228c560fc1a9a80920b55347cec0 | — | |
hash5b37e5ea31b593d671c9e7dc91af277d | — | |
hashe95342e8959bc96b422f2f39e91ce67fc8eb4e6d | — | |
hash6dca66df42bd8494a68b0844baf9a74e4bbd8da25633bca4914817f18657e009 | — | |
hash2d59e68a5a0b07eb6b4a432bf884a952 | — | |
hasha822d9e1221cf8e5887088f79e22e410e473df39 | — | |
hashc375ae92145443a6b5cfbb7cc22980a29ee7ef58b3c78aff46f0e8b107e1f9f7 | — | |
hasha08ddcb5b46a9a12271bb2eb465965f7 | — | |
hash5a30279de2f80ccd0ccc2d29fb06b35fae9c697a | — | |
hash72038c4d742717c91add32782d8128e5c7753b4cd7ef566bcc1d39aa0df0677e | — | |
hash6e8632d7df6a6eec74a3cfecd60b3fbf | — | |
hashfa318bea3da06e9a27452ee30dc240256dd1cc0f | — | |
hash596669e4ee62dd88d2ad8cd5b9f66d21a243874280e56566b6530cab61ed15b2 | — | |
hashdfe84a7ea7a861a441ed56038ffe11b0 | — | |
hashe14bedd93bb1822e3bc8535aa53bd772d3e95a25 | — | |
hashf01fd08eb1052336d4e45a8d1761c606c4e92477e069757292a359c1e8aabb0b | — | |
hash1f4c363757b551dd68d621bd76f94ce5 | — | |
hash48dd87d515d1d9c8471d17e579bb374fd643c735 | — | |
hashd36b953bd7ce710bb1ccd1f2889d6c58118736a8d384ea994040b79f02cc3c31 | — | |
hash57ec1605b534e2381fceb0eef1b58578 | — | |
hash651f7ea8ccf287459494772072ffe935ba36d78a | — | |
hashb9c07b0add0ebfdfb953f12ca052352e83f960649b3e3b260bd55cd93c9252bc | — | |
hashdd9bb11d6f383e9a7dc9715d16602fda | — | |
hashfcfa07ebe74dfe70b3ec67a3f4cda1c658e619e3 | — | |
hashb9e30b1122f4f7b875893dc81126dc002e58997fde186f9a50efa25d0d41b8a2 | — | |
hash09a1bff807b888d57bb6c987f2abcf55 | — | |
hash3a26b71c44f95c37df70df405f745b9faf1e146a | — | |
hash4d2ba508dca9a3ce899aa342252f786c29c81a735433b98163b27a7c1f76c646 | — | |
hash7dac0b3a1ad417adfe960cfd338df604 | — | |
hashacda6914e8080c0806513f5e28620306a78abd06 | — | |
hashe87201c6dfd3b5f885a187603d0b23401c2879b5e08bb109262f17f3ed85e875 | — | |
hash2a4cb7a920ef94740df6a8fc93dfa047 | — | |
hashe30b7ab474b1f31d5a46c27bdebd7bfe8e343d5c | — | |
hashc5e1be1f3b4b0978b9a8d32d545c5d775db521592c4b0c41ee29dd6353cb0190 | — | |
hash25a49ff1f9e1a7b0ca081abe41884bfb | — | |
hashe5fff0e79152c9e85f2031a854769fa5fa1dabf6 | — | |
hash6559d31bd3b4516030639ae34a8eddad15c6e57874d70ba30fc618cf0a792092 | — | |
hash20ee2a9f7d6c194e1cefc2b2ba322a27 | — | |
hashc8f39af1b086ec62678002008154b1c69134fef5 | — | |
hashcd29071298cbab67d898b5cbcf4b56f1b7d725f85267037659bdd2da3083f57e | — | |
hashc8c4cc42d6376360bc75081b229c6010 | — | |
hashb5e6383efe230b5b712e9fe520e45e71a30b1c2b | — | |
hash895b50987111be72c9bd5412362cdf69103a5e5a215a7bac5fe42fa1178f2224 | — | |
hash5adeea8f27119bfebf399141e0844c34 | — | |
hash08a142a30926e9419e8abefcbbce0e4e24bbde8b | — | |
hashfe4039c80b51bb184604b056d4e86b3e69fc8cb7278e61887d8c8c63155f7cd7 | — | |
hash6a791aa708c8fd8d83b31a8438671c95 | — | |
hash76897b42c31a1076e5c5f57301ab7d875cfd217e | — | |
hash77573139944c47abf290288581650dfde32bcae6d6f1577e65987f948f483385 | — | |
hashbd75861fe013ac5a55ca4d78e540eebd | — | |
hashe5190ab7216d8bb7205050d78a377a00e02e36d2 | — | |
hash62358206c2556f33c499c2f95d015dcba0891fb82ab054a26337b3bdbf7c553d | — | |
hashabaac6159d861acaee237ba95d61a4a2 | — | |
hash7b3a63f58f30313ba4d64a97921600e1d0becc2f | — | |
hashc1acb4b2e5cc4c7999e1b00e1654d2decec33bb35f44d6c4b0dc6e41c7062975 | — | |
hashab23b07a500cdb11a5f1d551e34e9ea3 | — | |
hasha5baf0809e921ab28d0c374defa22c95b82d7c38 | — | |
hash2d868633f3bcb67908cb1a5349a1b2de3e4dfa4f160f4b0c70fe84ccdedb33ae | — | |
hashdce6617dcda6959a86143fd9f7c3d974 | — | |
hash76594616045f0dbd2fd7a0f8b2d256ba7b9d266e | — | |
hash4ded51da1c85dc6bb80665a8d1090d7df4948bccdc294956015e9e69a6156e70 | — | |
hashac401002c9d5819dc4588f0f03603b66 | — | |
hash7841e20fc03022ca3c1a644f942c6881f0706c25 | — | |
hash1075f783527ef766efb3112e479815c4b3b867007f1dc9b8bd24fb6a5adb3d0b | — | |
hashb16bd56bf99aa5e6aa90431db5cc8892 | — | |
hashb1cd50a3a65bf32bf374319ee61f197a865acdc5 | — | |
hasheb3aacf8f5ae59bdbf2fe2684065887fce11577151564fd1a7d907ecd1b319df | — | |
hash6da0fb55ed4929466104b51c363848ed | — | |
hash9d23d76c1fcb9698fbcbc0e36266ba180f1adea6 | — | |
hash5a2684ad28a602e041aeddf1c0ffab3a0ce29c3420b4a4d8a8351043a2269483 | — | |
hash4dbaf10c3fc3bd47a3565848a297a566 | — | |
hash1a15cf47658834184e41c58b6f9528bf390cadaf | — | |
hash00b4c3bd5810a17561ab7c69fc80168b2140ebfff458a8e383ed901f764856c3 | — | |
hash9d4856a32a1716ee6793837a8fdea10c | — | |
hash08a4947f7bd5fdc006b054286ef9b58a9789a5c9 | — | |
hash60aacf6d4c9a53d3dae37206f889daf474b87fbc7e5b88196bc73600ea886d61 | — | |
hash0740171638726dc072b8350b917c9a40 | — | |
hashb6c63a2a92274a2caaf004de6897e5c00d063410 | — | |
hash176798f8aef40d58037ff4a5095d177dc47533593fb136804c3ee5c07db50449 | — | |
hash40397d048abd4fabe7ac7807e61d38bd | — | |
hashc403ad6ce85a16c8b4cf5a03c5a7a32162d368c9 | — | |
hashc763d0c9b889931660911cf178e4052669970b3dbcd7a30c011dce70f6ca2384 | — | |
hash73cf42ac9f798520aa5bafa6676bacde | — | |
hashb6332ffc8668b2df7a2769029bb906fe766cc14a | — | |
hash739cf7d01fc17a8d38fd0ec31008cbd8eb4e298072fb9de369d37680bae0bbaf | — | |
hash5b14a52169db72732b9fbac5aeb01a9b | — | |
hashd02f4f6a2e4e7820305ec9e940286a88a194e040 | — | |
hash0a4454f9469e6dfb9c5503ac305748b3ca61d1b5fcff7f43a348477c2e49cc3b | — | |
hashb4b6fbf5b5583e5c80c70d2d098a6baf | — | |
hash5a37bcedb51eae2189ca5e756ac130d85c6f9176 | — | |
hashf237d5e31a0e4bf7dbe1f0364c1262b11539bac89996d4399842ae7a24ca49bc | — | |
hash4a8bb2097c9ed16860d7b94873749058 | — | |
hash865e6fce6db60a5e954ee19fb38c79fb2f16f3ba | — | |
hash0500da6dcfcf408620507d324ddd34f47c07c4964a844f16ba1c0f2e0273113f | — | |
hashffb6f96d96e8d1bc10f434deaab15333 | — | |
hash43d1f4931997cac065fc42fdd8d0fdf8b9a66482 | — | |
hash0a4ad4379937702baeff781a1ca59269614fa0a2747d7383a0f3d23a93f46111 | — | |
hash34f2c012c821fbe17b85b629e6a30654 | — | |
hash56d750bfe81c4fc44ac4cc8017b6c3ee2b3765d9 | — | |
hash008ed2a4238d5a716da50aed532303b4fa73f60a86d3ed2f6e4fe2ad99d5451f | — |
Domain
Value | Description | Copy |
---|---|---|
domainvipmein.com | — | |
domainmyworldnetwork.org | — | |
domainprogralmedical.com.co | — | |
domainflavarich.com | — | |
domaincuicsi.com | — | |
Link
Value | Description | Copy |
---|---|---|
linkhttps://www.virustotal.com/graph/g22d43102476d4553ab575464b9cb9c5a67288ac02bda4b0cadac953f72409841 | — |
Vhash
Value | Description | Copy |
---|---|---|
Ssdeep
Value | Description | Copy |
---|---|---|
Text
Value | Description | Copy |
---|---|---|
textMalicious | — |
Tlsh
Value | Description | Copy |
---|---|---|
tlsht16ff32a2030b3ac17e64226311ccacd5822eb6e531847d72b77487b6e5f36a707dba61d | — | |
tlsht186f33a2030b3ac17e64226311ccacd5822eb6f531847d72b77447b6e5e36a707dbaa1d | — | |
tlsht112042a2030b3ac17e64226311ccacd5822ea6e131847d72b774c7b6e5f36a707dba61d | — | |
tlsht182c4e05ae7c18e5cec731bfc169f9c657756ecba7088084e2bb578e782307412426a1f | — |
Threat ID: 682c7ad8e3e6de8ceb775dff
Added to database: 5/20/2025, 12:51:36 PM
Last enriched: 6/19/2025, 2:19:07 PM
Last updated: 8/5/2025, 5:18:11 PM