flubot | 02de6eceb8204fccd22d83f3d7cf2b6c8a24042c305e19c638fd1a2c60ed91df

General

Target

02de6eceb8204fccd22d83f3d7cf2b6c8a24042c305e19c638fd1a2c60ed91df.apk
Size

3.9MB
MD5

b9b9857cde65ff58bbd8b4eb85216b65
SHA1

e5e785c56a8371e678c2f2a4b6dcf22aa458547f
SHA256

02de6eceb8204fccd22d83f3d7cf2b6c8a24042c305e19c638fd1a2c60ed91df
SHA512

63195e9d2157012cec14cfafe1f20f13e480aa41187c5a5c4c23681d09b0a09eeefa48ddcd3a0326cfa35dfe41c6082b825d23ac5aeceb9618d31eb9dd2f97f2

Score

10^/10

flubot banker infostealer obfuscation ransomware trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot Payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.weico.international/app_apkprotector_dex/q5JXkcbk.liq	family_flubot

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.weico.international/system/bin/dex2oat

ioc	pid	process
/data/user/0/com.weico.international/app_apkprotector_dex/q5JXkcbk.liq	4653	com.weico.international
/data/user/0/com.weico.international/app_apkprotector_dex/q5JXkcbk.liq	4690	/system/bin/dex2oat
/data/user/0/com.weico.international/app_apkprotector_dex/q5JXkcbk.liq	4653	com.weico.international

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.weico.international

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.weico.international
Uses reflection 1 IoCs
obfuscation

Processes:

com.weico.international

description pid process

Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows 4653 com.weico.international

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.weico.international

description	pid	process
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4653	com.weico.international

com.weico.international
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
- Uses reflection
PID:4653

com.weico.international
2⤵
PID:4690

/system/bin/dex2oat
2⤵
- Loads dropped Dex/Jar
PID:4690

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.weico.international/app_apkprotector_dex/oat/x86/q5JXkcbk.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.weico.international/app_apkprotector_dex/oat/x86/q5JXkcbk.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.weico.international/app_apkprotector_dex/q5JXkcbk.liq
MD5
8b55c70eb0552809a064268732a995f5

SHA1
c0bbf832b3a88fd0458ee6fe587b1760a14952dd

SHA256
8f57eb2dd1dd3e0747a5841093282afdb6f587499528a87daf4f614c8d4baee4

SHA512
5f5b9dac8227a26addbb410a0cb201f6158fcee4dfdf9930046589443d69b7b02044d0c77238b286b9ee662814bf58ef7bcb73ecb1a9d7e46c5f3c8e7fd095d4

Download Submit
/data/user/0/com.weico.international/app_apkprotector_dex/q5JXkcbk.liq
MD5
e4b63a56207e65f16ec64a9fc481a5b1

SHA1
3ceae97244e39432bebf552afa816192792310b9

SHA256
297890d6cea871df49f724e45a064ab64a136254edc4eb5118656f2fb823d47f

SHA512
dacbe7e05e2d372bd54a398426c11d2c9478fe0f34ad51cb574649f18a62ce331194be12cc36f357d5ac442e1ba3af85b89de019cb1b2d436b12c4b26d32b853

Download Submit
/data/user/0/com.weico.international/app_apkprotector_dex/q5JXkcbk.liq
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.weico.international/app_apkprotector_dex/q5JXkcbk.liq
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.weico.international/app_apkprotector_dex/q5JXkcbk.liq.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.weico.international/shared_prefs/DHL.xml
MD5
59e054fd29e9ea5049b6a930d14113b9

SHA1
da9abc23916b7061b56a726e753b2b93a6174011

SHA256
95bb37392a7dfd1bd6a02e7ddfe2baf1f43f357316acd1e4823608b03a112180

SHA512
70438edb70e9a7136ea61bafbdea29547aa3f892d4442e2def6f04759c0fe22faa1fe42433792c5edef53e4b1c5ec3337f83762d341199a3f431f46d06e2f38c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads