Analysis
- max time kernel: 3977624s
- max time network: 99s
- platform: android_x64
- resource: android-x64
- submitted: 28-07-2021 12:24

Static task: static1
Behavioral task: behavioral1
- Sample: 34fa8ba91e4cdd55310c9be7ea50e027fa9595038330c38590cb322d2f18f7d1.apk
- Resource: android-x64
General
- Target: 34fa8ba91e4cdd55310c9be7ea50e027fa9595038330c38590cb322d2f18f7d1.apk
- Size: 3.8MB
- MD5: 9cd8ee4c4e75a2d35f70a3e8a117e88f
- SHA1: c7a2612a11828abae920b3d3c2db05938567c3ac
- SHA256: 34fa8ba91e4cdd55310c9be7ea50e027fa9595038330c38590cb322d2f18f7d1
- SHA512: 885e031a3d14b4e93ed398f76679848f2ce66214b7c2729fa20562f9697998233d0bf0e2c7b4dea8ff35bb161a6b2b6b1ee32ef65f7283ba28b05178fe5517fa
Malware Config
Signatures
- FluBot
FluBot is an Android banking trojan that uses overlays.
- FluBot Payload (1 IoC)
Processes:
  resource: /data/user/0/com.eg.android.AlipayGphone/app_apkprotector_dex/gMEnqyx2.elk
  yara_rule: family_flubot
- Loads dropped Dex/Jar (2 IoCs)
Runs an executable file dropped to the device during analysis.
Processes: com.eg.android.AlipayGphone
  ioc: /data/user/0/com.eg.android.AlipayGphone/app_apkprotector_dex/gMEnqyx2.elk
  pid: 3678
  process: com.eg.android.AlipayGphone
  ioc: /data/user/0/com.eg.android.AlipayGphone/app_apkprotector_dex/gMEnqyx2.elk
  pid: 3678
  process: com.eg.android.AlipayGphone
- Uses Crypto APIs (might try to encrypt user data) (1 IoC)
Processes: com.eg.android.AlipayGphone
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  process: com.eg.android.AlipayGphone
- Uses reflection (1 IoC)
Processes: com.eg.android.AlipayGphone
  description: Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows
  pid: 3678
  process: com.eg.android.AlipayGphone
Processes
Network
MITRE ATT&CK Matrix
Downloads
- /data/user/0/com.eg.android.AlipayGphone/app_apkprotector_dex/gMEnqyx2.elk
  MD5: dbee6172aa8fdae46921b708cc65b532
  SHA1: 9cf48bbe4dd4ef794cdb9def16a475ac3295e19b
  SHA256: a7d60d533bef888c4e62776ff9931fd540072826421276479b248046fe194d02
  SHA512: 8f95f1326b18d14ae1c80cc3f943eff22a892e60016a6ad2a5d8ab57e2b64aa2eadf8319e38b0cbc2d842136a5735b9f4332ea88cac06e92b365af760b7979fb
- /data/user/0/com.eg.android.AlipayGphone/app_apkprotector_dex/gMEnqyx2.elk
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  Note: these four digests are the well-known hashes of a zero-length file, so this capture of the same path was taken while the file was empty. Only the first entry's hashes are usable indicators for the dropped payload.
- /data/user/0/com.eg.android.AlipayGphone/shared_prefs/Voicemail.xml
  MD5: ad787b4633ad4a01a26c24af3b497a71
  SHA1: b4391eb6dd813c874a3096d8a047f13f87002248
  SHA256: 4cd2c44696fbc976ded0d44a0821f1a6936adfde5b50c38bd709a2825c4b7371
  SHA512: 5d4842c915c9d52b258de4a0d54b373145794f2e407ab66c0eff88219a75778c2c4fe09b112b83f26bd50b15297d8a850baeef5e939266c18bd0848931ea6cc2
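The "Loads dropped Dex/Jar" signature and the Downloads list above give two things an analyst has to reconcile: a file written under a non-standard extension (.elk) that the sandbox nevertheless loaded as Dalvik bytecode, and several captures of the same path whose digests are those of an empty file. The following Python is an added example, not part of the sandbox report and not FluBot's code: it classifies dropped-file contents by magic bytes rather than by extension, hashes each capture, flags captures whose digests are the empty-file constants, and keeps only the hashes worth pivoting on. The paths are the ones from the report; the file contents are constructed for the example (a minimal DEX header, an empty capture, a small XML), since the report does not publish the bytes.

```python
import hashlib

# Digests of the zero-length input. Any download entry carrying these was
# captured while the file was empty and is not a usable payload indicator.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"
EMPTY_SHA1 = "da39a3ee5e6b4b0d3255bfef95601890afd80709"
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

DEX_MAGIC = b"dex\n"       # 4 bytes, followed by a 3-digit version and NUL, e.g. b"035\0"
ZIP_MAGIC = b"PK\x03\x04"  # .jar / .apk containers, also loadable by DexClassLoader
ELF_MAGIC = b"\x7fELF"     # native library


def identify(data: bytes) -> str:
    """Classify dropped-file content by magic bytes, ignoring the file extension."""
    if not data:
        return "empty"
    if (data[:4] == DEX_MAGIC and len(data) >= 8
            and data[4:7].isdigit() and data[7:8] == b"\0"):
        return "dex"
    if data[:4] == ZIP_MAGIC:
        return "zip"
    if data[:4] == ELF_MAGIC:
        return "elf"
    return "unknown"


def digests(data: bytes) -> dict:
    """Compute the same four digests the sandbox report lists per download."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def triage(entries):
    """entries: iterable of (path, bytes). Returns one record per capture,
    with the content type and an empty_capture flag alongside the digests."""
    report = []
    for path, data in entries:
        d = digests(data)
        report.append({
            "path": path,
            "kind": identify(data),
            "empty_capture": d["md5"] == EMPTY_MD5 and d["sha256"] == EMPTY_SHA256,
            **d,
        })
    return report


def usable_iocs(report):
    """Drop empty captures and repeated captures of identical content,
    leaving the hashes worth pivoting on."""
    seen, out = set(), []
    for rec in report:
        if rec["empty_capture"] or rec["sha256"] in seen:
            continue
        seen.add(rec["sha256"])
        out.append(rec)
    return out


# Constructed sample input (contents are NOT the real files from the report):
# a minimal DEX header under the report's .elk extension, an empty capture of
# the same path, and a small shared_prefs XML.
DROPPED = "/data/user/0/com.eg.android.AlipayGphone/app_apkprotector_dex/gMEnqyx2.elk"
PREFS = "/data/user/0/com.eg.android.AlipayGphone/shared_prefs/Voicemail.xml"
SAMPLE_ENTRIES = [
    (DROPPED, b"dex\n035\0" + b"\0" * 0x68),  # magic + zeroed remainder of the 0x70-byte header
    (DROPPED, b""),                            # second capture of the same path, empty
    (PREFS, b"<?xml version='1.0' encoding='utf-8'?><map></map>"),
]

if __name__ == "__main__":
    for rec in triage(SAMPLE_ENTRIES):
        flag = " (empty capture)" if rec["empty_capture"] else ""
        print(f"{rec['kind']:8} {rec['sha256']} {rec['path']}{flag}")
    print("usable:", [r["path"] for r in usable_iocs(triage(SAMPLE_ENTRIES))])
```

Run against real captures, `identify` is the check that matters: a file that the app loads through a class loader will carry the DEX or ZIP magic regardless of what extension the dropper chose, and the `.elk` name is only a hint. The empty-capture flag is deliberately keyed on two digests at once so a collision on one short hash cannot mislabel a real file.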