flubot | 7dcb4c377eebc1d4c5efd5ef873d9d82fc0dcf1ed1ec7ce9884ca09341fc012e

Analysis

max time kernel
3603910s
platform
android_x86
resource
android-x86-arm
submitted
24-07-2021 04:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Voicemail77.apk
Size

3.0MB
MD5

8b116440dae67d7a258c225fd7770bfd
SHA1

975d318bc82096c586913654e9f15ca643cfabd7
SHA256

7dcb4c377eebc1d4c5efd5ef873d9d82fc0dcf1ed1ec7ce9884ca09341fc012e
SHA512

b3f64e1532f030988daef21287fd52f9d1abf9a3fcad8eb5e8edbcabd47c1d413259b00f5c409221ded18ba66c5639df13245438369f5bbf20094fffeedc559e

Score

10^/10

flubot banker infostealer obfuscation trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot Payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.sina.weibo/app_apkprotector_dex/YNF53gHa.peace	family_flubot

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.sina.weibo/system/bin/dex2oat

ioc	pid	process
/data/user/0/com.sina.weibo/app_apkprotector_dex/YNF53gHa.peace	4651	com.sina.weibo
/data/user/0/com.sina.weibo/app_apkprotector_dex/YNF53gHa.peace	4731	/system/bin/dex2oat
/data/user/0/com.sina.weibo/app_apkprotector_dex/YNF53gHa.peace	4651	com.sina.weibo

Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.sina.weibo

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.sina.weibo

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.sina.weibo

Uses reflection 13 IoCs

obfuscation

Processes:

com.sina.weibo

description	pid	process
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4651	com.sina.weibo
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4651	com.sina.weibo
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4651	com.sina.weibo
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4651	com.sina.weibo
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4651	com.sina.weibo
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4651	com.sina.weibo
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4651	com.sina.weibo
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4651	com.sina.weibo
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4651	com.sina.weibo
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4651	com.sina.weibo
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4651	com.sina.weibo
Acesses field android.view.View.mAccessibilityDelegate	4651	com.sina.weibo
Acesses field android.view.View.mAccessibilityDelegate	4651	com.sina.weibo

com.sina.weibo
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:4651

com.sina.weibo
2⤵
PID:4731

/system/bin/dex2oat
2⤵
- Loads dropped Dex/Jar
PID:4731

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.sina.weibo/app_apkprotector_dex/YNF53gHa.peace
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.sina.weibo/app_apkprotector_dex/YNF53gHa.peace
MD5
451ed2786d00c86e50bedf3fc37ddb55

SHA1
5b5f9e217f40e004f9d06c8d4fefdb6bb7146559

SHA256
4f566e336de0a31dbf3af8006b2ac0aec3e47299c69918c699ce01f8e539f66f

SHA512
7ec6bb9d61e9aefdbeab436fb9c48da51d97e34b508b9b91270d887b1925fead87002630e6e2f7e21fb865d76873a924b3090aad088be57bf44c3477fe9f8f67

Download Submit
/data/user/0/com.sina.weibo/app_apkprotector_dex/YNF53gHa.peace
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.sina.weibo/app_apkprotector_dex/YNF53gHa.peace
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.sina.weibo/app_apkprotector_dex/YNF53gHa.peace.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.sina.weibo/app_apkprotector_dex/oat/x86/YNF53gHa.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.sina.weibo/app_apkprotector_dex/oat/x86/YNF53gHa.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.sina.weibo/shared_prefs/Voicemail.xml
MD5
2bfc78dbb8f88bfe251a8a3effa1fe95

SHA1
f75d9517ebbe8f0cdbc87b2649edb81a84244882

SHA256
1212fbb15dd5958e9e2e0fada9e6344078496270eb7e624932c8caf934e7ae3e

SHA512
8d6ca06f0e6ead4bec85319c5229d9de524271281355487561781e692b143a4b6b92f01321e603ad11ec26cf885a9513b20338b7aa5e460aacb7be3cf7a7eb5e

Download Submit
/data/user/0/com.sina.weibo/shared_prefs/Voicemail.xml
MD5
2ab05968920f6e5b97cab342f7f554c7

SHA1
4e8e3bd0febd3fd3f49ade88fc3c959e653672ed

SHA256
670f66fc84a665c39269247c6cd7a763a3d98ac7621cd77fc4be325d7036cdfb

SHA512
15cffa0b7e14f4ad42e24a142d45a92659c3bf24502f709820fac1e3076473dab18724e224deaaa91c5549fd9dd78b1533cad4271a83fe4623587c37007196bc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads