Analysis

max time kernel: 285439s
max time network: 119s
platform: android_x64
resource: android-x64
submitted: 04-08-2021 11:51

Static task: static1
Behavioral task: behavioral1

Sample: ae8877b889537821a10ca3151dd658e7405c769272b082befbede94e186de4f9.apk
Resource: android-x64
General

Target: ae8877b889537821a10ca3151dd658e7405c769272b082befbede94e186de4f9.apk
Size: 3.4MB
MD5: 80b71ae1e1240ca23b6843f698570b2a
SHA1: 4b95f81ebb35c172043c20edee427812122f8e4b
SHA256: ae8877b889537821a10ca3151dd658e7405c769272b082befbede94e186de4f9
SHA512: 70d0be1ce30a23ecff3df96ebef72495697707d648a69b0b7bb6b26b57f801d2d29e73709ef3ea2054be62f33b6063d1b4b99d7b3bbb01600bfdd653f31c7d47
Malware Config

Signatures

FluBot
FluBot is an Android banking trojan that uses overlays.

FluBot Payload (2 IoCs)
Processes:
  resource                                                                        yara_rule
  /data/user/0/com.eg.android.AlipayGphone/app_apkprotector_dex/classes-v1.bin    family_flubot
  /data/user/0/com.eg.android.AlipayGphone/app_apkprotector_dex/classes-v1.bin    family_flubot
Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.
Processes: com.eg.android.AlipayGphone
  ioc                                                                             pid     process
  /data/user/0/com.eg.android.AlipayGphone/app_apkprotector_dex/classes-v1.bin    3593    com.eg.android.AlipayGphone
  /data/user/0/com.eg.android.AlipayGphone/app_apkprotector_dex/classes-v1.bin    3593    com.eg.android.AlipayGphone
Requests enabling of the accessibility settings (1 IoC)
Processes: com.eg.android.AlipayGphone
  description      ioc                                          process
  Intent action    android.settings.ACCESSIBILITY_SETTINGS      com.eg.android.AlipayGphone
Reads name of network operator (1 IoC)
Uses Android APIs to discover system information.
Processes: com.eg.android.AlipayGphone
  description           ioc                                                           process
  Framework API call    android.telephony.TelephonyManager.getNetworkOperatorName     com.eg.android.AlipayGphone
Uses Crypto APIs (might try to encrypt user data) (1 IoC)
Processes: com.eg.android.AlipayGphone
  description           ioc                              process
  Framework API call    javax.crypto.Cipher.doFinal      com.eg.android.AlipayGphone
Uses reflection (17 IoCs)
Processes: com.eg.android.AlipayGphone
  description                                                                   pid     process
  Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE    3593    com.eg.android.AlipayGphone
  Accesses field javax.security.auth.x500.X500Principal.thisX500Name            3593    com.eg.android.AlipayGphone    (16 identical entries)
Downloads

/data/user/0/com.eg.android.AlipayGphone/app_apkprotector_dex/classes-v1.bin
  MD5: 07f46dfd0ab168d4170b4b269193f737
  SHA1: 1e1ee6f7e2d92f3bbe096fabd4a8189101e4eda7
  SHA256: 5b7e51788f0d2c5cd4f4118a72e4152f8d0a9f594044a3f4df16f6c269d2d337
  SHA512: 0b979c4676896687796e1724eef9bd614dd27dea2294e93d99b92e4d082a15d18e8200fb1d30f6ddd06cc9184f32dd6b1e1f07c518027fa8a795b876710beeba

/data/user/0/com.eg.android.AlipayGphone/app_apkprotector_dex/classes-v1.bin (these are the hashes of empty input, i.e. the file was zero bytes long when captured)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.eg.android.AlipayGphone/app_apkprotector_dex/classes-v1.bin
  MD5: 31b104df2fdf33aa82a5ae2ef3fa4a46
  SHA1: 46edfd765550ba62ebb596dda034e52888df3c96
  SHA256: 174d09031b9e0f37ebceb010d87a70b45adfc519ff23e07846777b64a17a8454
  SHA512: 297448d26873756c69b8f3c6c0f1ef4c4bf82858de888074700095da90d1a12217fc7ced467461ce0ea0f4f2cd2bdd960231bcb3ba7ab18a9edf46906c2195b6

/data/user/0/com.eg.android.AlipayGphone/shared_prefs/DHL.xml
  MD5: 245154160ef31d6b81a10f79a9be62b0
  SHA1: c917afa44c047d1e26a379c45a0db55e7125f0ff
  SHA256: f5afbca88d6e151eeb74d3b7ebd0c0764bc74eed62c2a1fb744882b06f17e762
  SHA512: 08a24ff2bd4c7480fac3e819ac38edc762179475bcd6704c5821925f5a2e7fa143f122e05c9d0cc89757eaac67a558c167fcacb412afab8ee0dd4019f5793065

/data/user/0/com.eg.android.AlipayGphone/shared_prefs/DHL.xml
  MD5: e506e7f7e7d4ac6590c6d3d27032bda1
  SHA1: e4322c46ba1199e1073655dfce291a413036e8b0
  SHA256: b3c8ea7a7025b112afbccc7eddccc3a7f0ae323f2d8fba7bee9970ff32f5ea8f
  SHA512: 6a4a784975331149d778566a8089cff34845219da92a733a2eb50d37d40dad5d7d8cd734eebd3618cff87c95637db105b1fe12b17f521ded546a8d29a39b3479