Analysis
- max time kernel: 283376s
- max time network: 21s
- platform: android_x64
- resource: android-x64
- submitted: 04-08-2021 11:17
Static task: static1
Behavioral task: behavioral1
Sample: d638b28a5e20302569710f8cef556756154c4e935c5fba37a5fea722e4522ec7.apk
Resource: android-x64
General
- Target: d638b28a5e20302569710f8cef556756154c4e935c5fba37a5fea722e4522ec7.apk
- Size: 3.7MB
- MD5: 876dec97fdd1e23556bbf01bb3b9fdb1
- SHA1: d668b2eec0d52465e4ee1dd3ff713e33414fd9cb
- SHA256: d638b28a5e20302569710f8cef556756154c4e935c5fba37a5fea722e4522ec7
- SHA512: 670d44f473f70fb4644c580cb430c9c4f98620b6521b05efba39e62c4d919cfd5938a5ac64332c0c583c086d45c994ca7ca079af13773bbf477b06775b37ed7c
Malware Config
Signatures
- FluBot
  FluBot is an Android banking trojan that uses overlays.
- FluBot Payload (1 IoC)
  Processes:
  resource  yara_rule  /data/user/0/com.bilibili.app.in/app_apkprotector_dex/plBVKFnZ.av  family_flubot
- Loads dropped Dex/Jar (2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: com.bilibili.app.in
  ioc                                                                 pid   process
  /data/user/0/com.bilibili.app.in/app_apkprotector_dex/plBVKFnZ.av   3591  com.bilibili.app.in
  /data/user/0/com.bilibili.app.in/app_apkprotector_dex/plBVKFnZ.av   3591  com.bilibili.app.in
- Uses Crypto APIs (Might try to encrypt user data). (1 IoC)
  Processes: com.bilibili.app.in
  description         ioc                          process
  Framework API call  javax.crypto.Cipher.doFinal  com.bilibili.app.in
- Uses reflection (1 IoC)
  Processes: com.bilibili.app.in
  description                                                            pid   process
  Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows    3591  com.bilibili.app.in
Downloads
- /data/user/0/com.bilibili.app.in/app_apkprotector_dex/plBVKFnZ.av
  MD5: bf4dc64f9d39a928cbd4d12d04de2a4b
  SHA1: ff2ccab384c479be003c730870b9df8ffc04d091
  SHA256: ad38b0915409c230690b45a662c2389d6c3edcf7d9951b5bc745f3cd90c235ce
  SHA512: 50a3a7298e4214ca8ac327e57613c38d9b8a8fbe81ac564c1b1d53947dc79417bf92a48a523750a9503a18b0fe66206652fe6e3fec4b6893e8663863ab863875
- /data/user/0/com.bilibili.app.in/app_apkprotector_dex/plBVKFnZ.av (these are the hashes of a zero-byte file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
- /data/user/0/com.bilibili.app.in/shared_prefs/Voicemail.xml
  MD5: 313c3ddf4cfda2fea25e1b00393e01a1
  SHA1: 36ba0374fe955245bdf780a02e3f1f533b455f8f
  SHA256: 1c4b289e223f7b4b054ff1c51c0cb28d42b0e9c6f1b25ac614f6d52554ca225e
  SHA512: 3321e603cd8cc1128991fae041f566427a7596cd6471b831fc543fb76117f1ccd9bb7ec22518c41e040ec237d908a1c8497ba25b47b06c2fd0285b5923d8b9ac