flubot | d638b28a5e20302569710f8cef556756154c4e935c5fba37a5fea722e4522ec7

Analysis

max time kernel
283376s
max time network
21s
platform
android_x64
resource
android-x64
submitted
04-08-2021 11:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d638b28a5e20302569710f8cef556756154c4e935c5fba37a5fea722e4522ec7.apk
Size

3.7MB
MD5

876dec97fdd1e23556bbf01bb3b9fdb1
SHA1

d668b2eec0d52465e4ee1dd3ff713e33414fd9cb
SHA256

d638b28a5e20302569710f8cef556756154c4e935c5fba37a5fea722e4522ec7
SHA512

670d44f473f70fb4644c580cb430c9c4f98620b6521b05efba39e62c4d919cfd5938a5ac64332c0c583c086d45c994ca7ca079af13773bbf477b06775b37ed7c

Score

10^/10

flubot banker infostealer obfuscation ransomware trojan

Malware Config

Signatures

FluBot
FluBot is an android banking trojan that uses overlays.
banker trojan infostealer flubot

FluBot Payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.bilibili.app.in/app_apkprotector_dex/plBVKFnZ.av	family_flubot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.bilibili.app.in

ioc	pid	process
/data/user/0/com.bilibili.app.in/app_apkprotector_dex/plBVKFnZ.av	3591	com.bilibili.app.in
/data/user/0/com.bilibili.app.in/app_apkprotector_dex/plBVKFnZ.av	3591	com.bilibili.app.in

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.bilibili.app.in

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.bilibili.app.in
Uses reflection 1 IoCs
obfuscation

Processes:

com.bilibili.app.in

description pid process

Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows 3591 com.bilibili.app.in

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.bilibili.app.in

description	pid	process
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows	3591	com.bilibili.app.in

com.bilibili.app.in
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
- Uses reflection
PID:3591

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.bilibili.app.in/app_apkprotector_dex/plBVKFnZ.av
MD5
bf4dc64f9d39a928cbd4d12d04de2a4b

SHA1
ff2ccab384c479be003c730870b9df8ffc04d091

SHA256
ad38b0915409c230690b45a662c2389d6c3edcf7d9951b5bc745f3cd90c235ce

SHA512
50a3a7298e4214ca8ac327e57613c38d9b8a8fbe81ac564c1b1d53947dc79417bf92a48a523750a9503a18b0fe66206652fe6e3fec4b6893e8663863ab863875

Download Submit
/data/user/0/com.bilibili.app.in/app_apkprotector_dex/plBVKFnZ.av
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.bilibili.app.in/app_apkprotector_dex/plBVKFnZ.av
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.bilibili.app.in/shared_prefs/Voicemail.xml
MD5
313c3ddf4cfda2fea25e1b00393e01a1

SHA1
36ba0374fe955245bdf780a02e3f1f533b455f8f

SHA256
1c4b289e223f7b4b054ff1c51c0cb28d42b0e9c6f1b25ac614f6d52554ca225e

SHA512
3321e603cd8cc1128991fae041f566427a7596cd6471b831fc543fb76117f1ccd9bb7ec22518c41e040ec237d908a1c8497ba25b47b06c2fd0285b5923d8b9ac

Download Submit