Analysis
max time kernel: 3278329s
max time network: 172s
platform: android_x64
resource: android-x64-arm64
submitted: 20-07-2021 10:09
Static task: static1
Behavioral task: behavioral1
Sample: 5c4dc3463ce23ec3628f80cd65c90fae221bdab8e92631ef1e536704c2a47a60.apk
Resource: android-x64-arm64
General
Target: 5c4dc3463ce23ec3628f80cd65c90fae221bdab8e92631ef1e536704c2a47a60.apk
Size: 3.0MB
MD5: 6a679f7d5a4681fb7e95e730aa7363a0
SHA1: 3260270aea544eb415ca07861a75b17d1e2a1c61
SHA256: 5c4dc3463ce23ec3628f80cd65c90fae221bdab8e92631ef1e536704c2a47a60
SHA512: 724185620d7964d0ed5e08d8f4a0a95ddbcc55333b6ffabc98fa3ae759ed839d546044ef80acc5096d3e0b1213b73ca4d6ebba37d803be1bbd3a496c74c4cfbd
Malware Config
Signatures
-
FluBot
FluBot is an Android banking trojan that uses overlays.
-
FluBot Payload 1 IoCs
Processes:
resource: /data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king; yara_rule: family_flubot
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.tencent.mobileqq
ioc: /data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king; pid: 4121; process: com.tencent.mobileqq
ioc: /data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king; pid: 4121; process: com.tencent.mobileqq
-
Requests enabling of the accessibility settings. 1 IoCs
Processes:
com.tencent.mobileqq
description: Intent action; ioc: android.settings.ACCESSIBILITY_SETTINGS; process: com.tencent.mobileqq
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes:
com.tencent.mobileqq
description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.tencent.mobileqq
-
Uses reflection 64 IoCs
Processes:
com.tencent.mobileqq
description: Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows; pid: 4121; process: com.tencent.mobileqq
description: Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE; pid: 4121; process: com.tencent.mobileqq
description: Accesses field javax.security.auth.x500.X500Principal.thisX500Name; pid: 4121; process: com.tencent.mobileqq (this entry repeats for the remaining IoCs)
Downloads
/data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king
/data/user/0/com.tencent.mobileqq/shared_prefs/Voicemail.xml