flubot | ffaebdbc8c2ecd63f9b97781bb16edc62b2e91b5c69e56e675f6fbba2d792924 | Triage

Resubmissions

03-07-2024 09:43

240703-lp1xbs1bln 10

03-07-2024 09:37

240703-llqxys1akq 10

03-07-2024 09:34

240703-ljz3vawgja 10

15-06-2021 18:35

210615-nab8r25hp6 10

15-06-2021 15:20

210615-a9th5lxqa2 10

Analysis

max time kernel
284681s
max time network
121s
platform
android_x64
resource
android-x64-arm64
submitted
15-06-2021 18:35

Sharing

Report Analysis Logs

General

Target

ffaebdbc8c2ecd63f9b97781bb16edc62b2e91b5c69e56e675f6fbba2d792924.apk
Size

3.8MB
MD5

10f8ddd80b1eb94540b5aace12b8824a
SHA1

5f6d13b57112441cd92a9cd2f9d115d9e492f158
SHA256

ffaebdbc8c2ecd63f9b97781bb16edc62b2e91b5c69e56e675f6fbba2d792924
SHA512

66ed579fa60280488142c6fce852bb8751b7cab2f7e323ba05c62bc925b24e4da2cf8733a2ab5c63bbd5ef128108d23398d33d052fd574fc40ed368c75ffb5a0

Score

10^/10

flubot banker infostealer obfuscation ransomware trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot Payload 2 IoCs

resource	yara_rule
behavioral1/files/4044-0.dat	family_flubot
behavioral1/memory/4044-0.dex	family_flubot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.tencent.qqlivei18n.us/app_apkprotector_dex/LqMKL1Kz.gl	4044	com.tencent.qqlivei18n.us
/data/user/0/com.tencent.qqlivei18n.us/app_apkprotector_dex/LqMKL1Kz.gl	4044	com.tencent.qqlivei18n.us

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.qqlivei18n.us

Uses reflection 1 IoCs

description	pid	Process
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4044	com.tencent.qqlivei18n.us

com.tencent.qqlivei18n.us
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
- Uses reflection
PID:4044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads