Analysis
max time kernel: 4060767s
max time network: 114s
platform: android_x64
resource: android-x64
submitted: 29-07-2021 11:30
Static task: static1
Behavioral task: behavioral1
Sample: 79673f2646bcd63b202ee23ba79e86e55a284126c918a444e1d461294d6d158e.apk
Resource: android-x64
General
Target: 79673f2646bcd63b202ee23ba79e86e55a284126c918a444e1d461294d6d158e.apk
Size: 3.0MB
MD5: fd0b4e6dfac82f85ab27b3d42baeb313
SHA1: 404ae8f4bec4233cd189f24998dfa87630e65a88
SHA256: 79673f2646bcd63b202ee23ba79e86e55a284126c918a444e1d461294d6d158e
SHA512: 26825985f52d512dd0ba86bbb4f2c4ceb69aaefc53f42afddebfe567e0a13d19764fca8b53f57898503fd38d40d3868c7307d20e8d1f8aba0943cb72d82c0da9
Malware Config
Signatures

FluBot
FluBot is an Android banking trojan that uses overlays.

FluBot Payload (1 IoC)
Processes:
resource: /data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king
yara_rule: family_flubot

suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
ioc: /data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king
pid: 3594
process: com.tencent.mobileqq
(the second IoC is an identical entry for the same file, pid and process)

Requests enabling of the accessibility settings (1 IoC)
Processes:
description: Intent action
ioc: android.settings.ACCESSIBILITY_SETTINGS
process: com.tencent.mobileqq

Reads name of network operator (1 IoC)
Uses Android APIs to discover system information.
Processes:
description: Framework API call
ioc: android.telephony.TelephonyManager.getNetworkOperatorName
process: com.tencent.mobileqq

Uses Crypto APIs (might try to encrypt user data) (1 IoC)
Processes:
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: com.tencent.mobileqq

Uses reflection (64 IoCs)
Processes:
description: Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows
pid: 3594
process: com.tencent.mobileqq

description: Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE
pid: 3594
process: com.tencent.mobileqq

description: Accesses field javax.security.auth.x500.X500Principal.thisX500Name
pid: 3594
process: com.tencent.mobileqq
(this field access is repeated for each of the remaining IoCs in the signature, all from pid 3594, com.tencent.mobileqq)
Downloads