flubot | 3057caca88807270b93142eb314755dec69d7cbe09fe7b9d78dce5e5c7ef4913

General

Target

3057caca88807270b93142eb314755dec69d7cbe09fe7b9d78dce5e5c7ef4913.apk
Size

3.0MB
MD5

0334eba56e362dfa8c4aba3ee202624a
SHA1

acf7ded10113927a7077bffe50346d7a2387e971
SHA256

3057caca88807270b93142eb314755dec69d7cbe09fe7b9d78dce5e5c7ef4913
SHA512

596e6c3d2a42bf90f30470cf69cfbe3c71a0420232539d4fab74dc9af5282c439dd8a49ea01ff2fd3286690dc9257c70849231179ce839d81326f966612de78e

Score

10^/10

flubot banker infostealer obfuscation trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot Payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king	family_flubot

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.tencent.mobileqq/system/bin/dex2oat

ioc	pid	process
/data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king	4666	com.tencent.mobileqq
/data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king	4701	/system/bin/dex2oat
/data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king	4666	com.tencent.mobileqq

Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.tencent.mobileqq

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.tencent.mobileqq

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.tencent.mobileqq

Uses reflection 2 IoCs

obfuscation

Processes:

com.tencent.mobileqq

description	pid	process
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4666	com.tencent.mobileqq
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4666	com.tencent.mobileqq

com.tencent.mobileqq
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:4666

com.tencent.mobileqq
2⤵
PID:4701

/system/bin/dex2oat
2⤵
- Loads dropped Dex/Jar
PID:4701

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king
MD5
866f9cfae1e2a9a808f2e7c2f110f1e2

SHA1
e5ce60e5251b2abd7174a42148a69bc0af99383b

SHA256
41048c9796b81d86577624bda0527fa7eca65c0e1b8ce3cafc4d74e9aa8ac102

SHA512
aee1c80d259fa5efe9277f1f4de65f31633481dbbfff14893e46d25c06701f6c32b24b54ba2d990136b7f9841fabb05836e4184f44a6261d8418e9e6d1fdf97a

Download Submit
/data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king
MD5
69b9483f8660c20636acb97f13843cf2

SHA1
7cf03e61e4dd25115c76a4728ea461f553530ac7

SHA256
2eeee3f55a774897904bbfc4e217bbe8f4fe5f7b2eab774738b3e040a20d3ad6

SHA512
7878de674fb93a47e97f76a6242c946d8735d0cded0baa97d16b39b6e8919d2600e30adbfc6dee9a07302b363bbb4a95ace8d85c16603e362b130f7b81551ead

Download Submit
/data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.tencent.mobileqq/app_apkprotector_dex/oat/x86/R46Z4rn2.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.tencent.mobileqq/app_apkprotector_dex/oat/x86/R46Z4rn2.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.tencent.mobileqq/shared_prefs/Voicemail.xml
MD5
67fae47192d1a0bc8d8d8b8179dfdc36

SHA1
b19408d21910a57a679ab72df194d8691b0527ca

SHA256
d3677a5ca5124de3eed6ac5bacabdcfa299e9246a49013d769182c4cbd1433a0

SHA512
2b6e140e8090147fb6086e6f1541ef92141085c0f87f55297ee4420a5287ed33f4c81ed91ab112e959d19bfa8f95d01f3f8252a2298cdefe46dd201887229827

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads