Analysis
-
max time kernel
1710613s -
max time network
121s -
platform
android_x64 -
resource
android-x64 -
submitted
02-07-2021 06:41
General
-
Target
77fb8c058463491e674e12edafcaafe078b5efcdf823fa74278d10e1f23815f4.apk
-
Size
3.0MB
-
MD5
cd934f40a8ae12b1b39dd82a9b09c733
-
SHA1
d90be94043d6c0dac5d529aa4815f321f67d8e07
-
SHA256
77fb8c058463491e674e12edafcaafe078b5efcdf823fa74278d10e1f23815f4
-
SHA512
3250f9793a18de23bcc120077eb88a62c7e3268a71f530294079430ab732833e864c0e8bcfbba262e0671c3a9c56816d3d6c5e10b816eaf451f2b8892bfaeec6
Malware Config
Signatures
-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot Payload 1 IoCs
-
Loads dropped Dex/Jar 4 IoCs
Runs executable file dropped to the device during analysis.
-
Requests enabling of the accessibility settings. 1 IoCs
-
Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
-
Uses reflection 64 IoCs
Processes
-
com.didiglobal.passenger1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Reads name of network operator
- Uses Crypto APIs (Might try to encrypt user data).
- Uses reflection
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
7d3e1861d2994c6f047bc5331a78e00d
SHA1885d2803bd39dc6e13a5c4a3ef294f88fe64bd94
SHA25656ffc6ed197bbea0eb15b504d31acbe28856ab7f8ff4437d6c78db3242e33fbb
SHA5123c0106783db17634f1ebabd0e36a286e5f151231699f645490f25ca50f5fbf0e40789fd41f3b9b84f78ac617f3101b246c09cb8c619f031f41127e55f8ab656d
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
MD5
62da4b4aa40603915ae7a28420f4bb2c
SHA1ec406fd6a86ff92ecd69ab76cf91dddd2f17d54c
SHA256d18c9c8dbebdebdefb7b7d652f0fa1e453b35504dd0a09c9418704c34a0b62c2
SHA512c8a000b66209a95cf650cd3210584319c3ee148054d3531c1768be1fc02505aeedcb53c4979100d5447df13837727c9a974355e940f9b82b0a7c04983382fdd6
-
MD5
62da4b4aa40603915ae7a28420f4bb2c
SHA1ec406fd6a86ff92ecd69ab76cf91dddd2f17d54c
SHA256d18c9c8dbebdebdefb7b7d652f0fa1e453b35504dd0a09c9418704c34a0b62c2
SHA512c8a000b66209a95cf650cd3210584319c3ee148054d3531c1768be1fc02505aeedcb53c4979100d5447df13837727c9a974355e940f9b82b0a7c04983382fdd6
-
MD5
62da4b4aa40603915ae7a28420f4bb2c
SHA1ec406fd6a86ff92ecd69ab76cf91dddd2f17d54c
SHA256d18c9c8dbebdebdefb7b7d652f0fa1e453b35504dd0a09c9418704c34a0b62c2
SHA512c8a000b66209a95cf650cd3210584319c3ee148054d3531c1768be1fc02505aeedcb53c4979100d5447df13837727c9a974355e940f9b82b0a7c04983382fdd6
-
MD5
6d6998c712027a335cee6382e829e549
SHA14478b172b424cb5e4363e1ca83210007ed8dbee2
SHA256c80e07f2bad8518d5961b8b97aade2af426c7b337cbef2027f8955cf86bef2f7
SHA512efdef5c66af57c63e2eda7cc527b9972eb4c46b1a1cd7b2c18c7c0afd9c1f626774233225d4ba1e63e6e2127de74a79afa95eff1b5876098cc494991e27a1a2b
-
MD5
f34e5e2a1409c639ad8959a1765e8da2
SHA1bb852085708f66df0fe801ae4e9b3233007b042e
SHA2564ec05aa37670db4f90a0a7747023410d969dc020df974457cc445e77466359ad
SHA51245e5974f1400d062823a03847ef4d2c8300358a9f8db8f3b88307e0f17667bc24365474f970185714652aba95453f86015f8979571365b3044868f28a7c609ec