flubot | fa8f5ad27fa78a48dfe12c0b839fafbd0fef596a33848d5dc491b29479a4967b

General

Target

fa8f5ad27fa78a48dfe12c0b839fafbd0fef596a33848d5dc491b29479a4967b.apk
Size

4.0MB
MD5

94d5322568b95b257742180764059ca0
SHA1

903121334205895d6c5ac2ba28fe3c91d8640ad3
SHA256

fa8f5ad27fa78a48dfe12c0b839fafbd0fef596a33848d5dc491b29479a4967b
SHA512

e39299fc55d4d7285f410da63b9b519ab9085b5eb1cf901e2aca712f4af815fd6d742848dbb5f0dff8b3898cce6a0ff87c6f65e994fe38dd0aee17bc7dd8b15d

Score

10^/10

flubot banker infostealer obfuscation ransomware trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot Payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/p713405ee.p7b32cbd4.p14173c2c/app_apkprotector_dex/oat/x86/qug1ke4q.vdex	family_flubot

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

p713405ee.p7b32cbd4.p14173c2c/system/bin/dex2oat

ioc	pid	process
/data/user/0/p713405ee.p7b32cbd4.p14173c2c/app_apkprotector_dex/qug1ke4q.shs	4676	p713405ee.p7b32cbd4.p14173c2c
/data/user/0/p713405ee.p7b32cbd4.p14173c2c/app_apkprotector_dex/qug1ke4q.shs	4713	/system/bin/dex2oat
/data/user/0/p713405ee.p7b32cbd4.p14173c2c/app_apkprotector_dex/qug1ke4q.shs	4676	p713405ee.p7b32cbd4.p14173c2c

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

p713405ee.p7b32cbd4.p14173c2c

description ioc process

Framework API call javax.crypto.Cipher.doFinal p713405ee.p7b32cbd4.p14173c2c
Uses reflection 1 IoCs
obfuscation

Processes:

p713405ee.p7b32cbd4.p14173c2c

description pid process

Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows 4676 p713405ee.p7b32cbd4.p14173c2c

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	p713405ee.p7b32cbd4.p14173c2c

description	pid	process
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	4676	p713405ee.p7b32cbd4.p14173c2c

p713405ee.p7b32cbd4.p14173c2c
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
- Uses reflection
PID:4676

p713405ee.p7b32cbd4.p14173c2c
2⤵
PID:4713

/system/bin/dex2oat
2⤵
- Loads dropped Dex/Jar
PID:4713

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/p713405ee.p7b32cbd4.p14173c2c/app_apkprotector_dex/oat/x86/qug1ke4q.odex
MD5
45deb703afebeb17aa38ab539ad7838f

SHA1
64fdd2e3e2d3781a5f30c760e5d58476c3ee4ef3

SHA256
9e4fe66b259fefebbc153953ef6cf61e2ba705961940471f6875023daffc26b2

SHA512
058cb48d9039df026e79690d3c94ea2b84d0c471c212d4465388e732d2f335f570e3e6a7bc72a1aebbef5f96ecfd1ffa5a7c6a23de53de46090f092a142057b5

Download Submit
/data/user/0/p713405ee.p7b32cbd4.p14173c2c/app_apkprotector_dex/oat/x86/qug1ke4q.vdex
MD5
e239a88584f5e670d21593926248bcb4

SHA1
817837d75100b083bdb9bf8574e35cd29104610c

SHA256
23e3c70163c49aa61e5169535548d79a4589fa3d01f8ae167272147f0d654cb9

SHA512
7b904298b72815e10a1c5477876ae0a0a6146444c9e84b8df3925d609e5ff47d7f619299bb3a065963e65cc554078bbbf4df501fa0e9fd1bac39f69e9be8aba7

Download Submit
/data/user/0/p713405ee.p7b32cbd4.p14173c2c/app_apkprotector_dex/qug1ke4q.shs
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/p713405ee.p7b32cbd4.p14173c2c/app_apkprotector_dex/qug1ke4q.shs
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/p713405ee.p7b32cbd4.p14173c2c/app_apkprotector_dex/qug1ke4q.shs
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/p713405ee.p7b32cbd4.p14173c2c/app_apkprotector_dex/qug1ke4q.shs
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/p713405ee.p7b32cbd4.p14173c2c/app_apkprotector_dex/qug1ke4q.shs.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/p713405ee.p7b32cbd4.p14173c2c/shared_prefs/DHL.xml
MD5
79ae39f5874b981d9a336264bc4cd2cc

SHA1
2d21e9577bcca356df7d43af84ef4e26f6e240c4

SHA256
85a61bcea7410f201a63c6dfeeb0dda72d338774feb4da73133323b77a8dae3d

SHA512
7df9cdac4c675242331834bc4b372aa49d4b119c1d599c6c0c80dd86d13ddda375408a27052d62d8a5964f5afa8aaac599b77c6f73e0c1f593091f82a0844c30

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads