Analysis

  • max time kernel: 4060767s
  • max time network: 114s
  • platform: android_x64
  • resource: android-x64
  • submitted: 29-07-2021 11:30

General

  • Target: 79673f2646bcd63b202ee23ba79e86e55a284126c918a444e1d461294d6d158e.apk
  • Size: 3.0MB
  • MD5: fd0b4e6dfac82f85ab27b3d42baeb313
  • SHA1: 404ae8f4bec4233cd189f24998dfa87630e65a88
  • SHA256: 79673f2646bcd63b202ee23ba79e86e55a284126c918a444e1d461294d6d158e
  • SHA512: 26825985f52d512dd0ba86bbb4f2c4ceb69aaefc53f42afddebfe567e0a13d19764fca8b53f57898503fd38d40d3868c7307d20e8d1f8aba0943cb72d82c0da9

Malware Config

Signatures

  • FluBot
    FluBot is an Android banking trojan that uses overlays.
  • FluBot Payload (1 IoC)
  • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  • Loads dropped Dex/Jar (2 IoCs)
    Runs an executable file dropped to the device during analysis.
  • Requests enabling of the accessibility settings (1 IoC)
  • Reads name of network operator (1 IoC)
    Uses Android APIs to discover system information.
  • Uses Crypto APIs (might try to encrypt user data) (1 IoC)
  • Uses reflection (64 IoCs)

Processes

  • com.tencent.mobileqq (PID: 3594)
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings
    • Reads name of network operator
    • Uses Crypto APIs (might try to encrypt user data)
    • Uses reflection

Network

MITRE ATT&CK Matrix


Downloads

  • /data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king
    MD5: 96fa945437051c2ecd943f96ee78e426
    SHA1: ad0815de970fdbbe51808c96af97d5649f4561cc
    SHA256: a5e24d66712dd49434ddeb0e491ec415c809ae37bcc81c3327ef421f1a5cd1c9
    SHA512: df44e8c2dd4b9dcd5aa651202ca62cecf52e37e9958ac9b2ca48e644f2d35f8101fb6b144c566d6522f5fff7b091b8c51c2c781a3d52d64c5586fb4310520406
  • /data/user/0/com.tencent.mobileqq/app_apkprotector_dex/R46Z4rn2.king
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
    (These are the digests of zero-byte input: this copy of the file was captured empty, so only the non-empty entry above is a usable indicator.)
  • /data/user/0/com.tencent.mobileqq/shared_prefs/Voicemail.xml
    MD5: abbf5d8b0c8f6af1d89de600f8d68a95
    SHA1: c393e8539e7f5b84aa1865a04a93b20ac392fbea
    SHA256: b96e08633c9908f3f75a28f4e9bef80a455afc4b164094b53e005230fd634153
    SHA512: 89d5101868b56a0f81177de19740a0b430e9a9a22c077caee2ec668590d8f55da1019679d91c6d894d3039fa2cd8e17fe19791d2f311f207f261e39ba6f09534

  • /data/user/0/com.tencent.mobileqq/shared_prefs/Voicemail.xml
    MD5: a6cdf6781a799eae425d0ba8d4076cfe
    SHA1: 25d8bb6197e98d698e66d6ece99a686ac1f7f080
    SHA256: 5ee807fa80ab85da148ea05b83ec9db03efcf8d648005c7c74d8a5758d359b33
    SHA512: 1718f0c1e07770d97fe9006d8828588570f4d28717dbea7d406d36a4fbbf272bc885113ee9637bd63ab2a78292ef59ab3e485b881940961af76b753062ca5c9b