Overview

overview

10

Static

static

8

Android APK

android_x64

10

Analysis

  • max time kernel
    3977635s
  • max time network
    39s
  • platform
    android_x64
  • resource
    android-x64
  • submitted
    28-07-2021 12:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8f5b4833dfad08899190b96e8e05274e7486c212d75590d773f9ad0e1b20534.apk

  • Size

    4.1MB

  • MD5

    a734b48f5d593c76a8a147f64602f855

  • SHA1

    cf3f799eac565500546b8bcbc337f3856cabf656

  • SHA256

    b8f5b4833dfad08899190b96e8e05274e7486c212d75590d773f9ad0e1b20534

  • SHA512

    22805437edf431b802e7467fb296e7beb6af08220389361edaa1469d06a9ce5a664a5ae1aa450e916ec1d9bf475f412e62356be1ab0afb0687fdc180f6a3b1b5

Score
10/10
flubotbankerinfostealerobfuscationransomwaretrojan

Malware Config

Signatures

  • FluBot

    FluBot is an android banking trojan that uses overlays.

    bankertrojaninfostealerflubot
  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware
  • Uses reflection 1 IoCs
    obfuscation

Processes

  • com.bilibili.app.in
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    • Uses reflection
    PID:3673

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.bilibili.app.in/app_apkprotector_dex/E0Y4NDcA.doc
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.bilibili.app.in/app_apkprotector_dex/E0Y4NDcA.doc
    MD5

    23459510fbcf0b903259868450d5e781

    SHA1

    228460f7bbdc6159c1c1e899453b0436002e487a

    SHA256

    d943c9008ff3d2c9a89c50afdcecb381c5c580069e4cc620d65b9c3e50ddc1b1

    SHA512

    ee50635c9eeb49bf362cff27899d5c22d5a96ee2497201d0ebf2d3b65ae9b3ea521da39d1b723566e275e1c50ef45ed8a321248e9f5a9c36df8e94300a9c3791

    Download Submit
  • /data/user/0/com.bilibili.app.in/app_apkprotector_dex/E0Y4NDcA.doc
    MD5

    22dab5fa64adc861b3f0bd7f45adad2c

    SHA1

    5394c2078b44edd0b3c1eeedede92cfa31b44314

    SHA256

    014e6d0d64880c92580696c9a14eea26c933f838c452018a605e1e3c207740cb

    SHA512

    c9665b472b2f66538ca3d678575d34aed7518f514dc38e26589ddf9ca8ad5b2e2c0fb363c21be89fae6b5429cd16bbcff45316d7e4fdf403e9d840adf976a0f2

    Download Submit
  • /data/user/0/com.bilibili.app.in/app_apkprotector_dex/E0Y4NDcA.doc
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.bilibili.app.in/shared_prefs/Voicemail.xml
    MD5

    8e912a7d8eef851ad5969cb20a093794

    SHA1

    a841ca05d9b69c7f25a7e11c2b5e968b044c2efa

    SHA256

    f29421b544df598b707dc02cb49e1ff44455e7bcebbac16837180f3c0e178c1d

    SHA512

    c30b0b0b53cafc614a1d135b1d2b272c41e41fbb4d7d2fbf79caab99eea33f42d85c205b384045803e5233cf6bfc874ff7ee7ea7c1a7b20bce74dde3cb47dbca

    Download Submit