Analysis
-
max time kernel
4062446s -
max time network
172s -
platform
android_x64 -
resource
android-x64-arm64 -
submitted
29-07-2021 11:58
General
-
Target
083cc87dcf5eba8916aa006b98008c0a7ad78a1d6e7f59e09a05ccfeb60abe4e.apk
-
Size
3.0MB
-
MD5
7f5d0f0a58dc2fb8712c468b647ed8a0
-
SHA1
508e4d293d5c66f72d0e41c9408c37a9db51bd01
-
SHA256
083cc87dcf5eba8916aa006b98008c0a7ad78a1d6e7f59e09a05ccfeb60abe4e
-
SHA512
f90ec77a34c94a4fd8d18afa2ce48bcf66ea6d892732dca516d4b94ed6a410395b65b155cbf3e12a40f1a945be5cf738aaa5d6cb67159d349d58d6b4ee705f66
Malware Config
Signatures
-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot Payload 1 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Requests enabling of the accessibility settings. 1 IoCs
-
Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
-
Uses reflection 64 IoCs
Processes
-
com.tencent.qqmusic1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Reads name of network operator
- Uses Crypto APIs (Might try to encrypt user data).
- Uses reflection
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.tencent.qqmusic/app_apkprotector_dex/9ma3A6v5.hillsMD5
751217a6c357669839a818fe3658273a
SHA1b4cf8a9976c5705eef891a40897d56d9d85a84bd
SHA256614faccfe37495c23ed962695ddc66efd2b6b212c33166d4558b69a8a494375d
SHA512a8eb5347762a98cf6c2b6e8ba557878a92a54c096499121f58bd71da3773cefef6b3b7d4f004fb744840b982309db244b4a2daec71839568a272caf207c0cf7d
-
/data/user/0/com.tencent.qqmusic/app_apkprotector_dex/9ma3A6v5.hillsMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.tencent.qqmusic/app_apkprotector_dex/9ma3A6v5.hillsMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.tencent.qqmusic/shared_prefs/Voicemail.xmlMD5
575c542912e09266b0c3a06c8d0993f1
SHA17ff063bf5efd1b38e632f598d7fcfcc9b11b7094
SHA25658938c002d4bb7ba3b1e4584d0b647a7c303072e967d0911089ff320ff69df83
SHA512b17b16c585dde492df737b216d345df411b2e9973cff67d5f357aebd5fd4e944550ee8438a36fc7a0d4e5c5c1208844b200fa38432b3d55d4cd6f90ae9b5e321
-
/data/user/0/com.tencent.qqmusic/shared_prefs/Voicemail.xmlMD5
33eb23dee0f3b00400a577ee41a56712
SHA127b5e0f681fb115cc2d258fb1a98bf2f2fedb43b
SHA25615abc280b9b142df2d555444c0705124c91792aa425a398abe93bf370c551cda
SHA512f498b3e608f08f47f0666f83425da69ba4304f3d8b935acd039e3b78bd7babe87ba57c0c5d5e8228e232ab7d7ee0acfe27692a0d21e78b6b22fe4ad38255acbe
-
/data/user/0/com.tencent.qqmusic/shared_prefs/Voicemail.xmlMD5
e668d23035907e1b8abd7af2cce8d47b
SHA18b355b3032b296a833bc2171ffa6294ccb68a652
SHA256535ede2c9364b363436e44d8b8ce7fd277fe67789a543cd577610b41cc50db85
SHA512c1de4afed0df50cedeafc95e252c7c1dde43444cda34082e66c5fe6928f417a006d7934bcd3bb9a21caba6d78844c971c8a99e40d18d86bba8eb13791f844b53