Analysis

max time kernel: 718487s
max time network: 161s
platform: android_x64
resource: android-x64-arm64
submitted: 09-08-2021 12:08

Static task: static1
Behavioral task: behavioral1
Sample: b3406beb0c6a2c9ed4e582be6857092235f29f34c0a22b1be5bfd911cf2e0026.apk
Resource: android-x64-arm64
General

Target: b3406beb0c6a2c9ed4e582be6857092235f29f34c0a22b1be5bfd911cf2e0026.apk
Size: 3.0MB
MD5: 6e08fd5dc3f9200b0cfa6290211df9c8
SHA1: 827b804ab5d38216a9aec21da6d382dc77a6451f
SHA256: b3406beb0c6a2c9ed4e582be6857092235f29f34c0a22b1be5bfd911cf2e0026
SHA512: 3ad6add02639ea6b40b04f3558d1e2f271ae32ecd34ed45a5f0deb5bd557963b37465dba0cce7a86a7246957380f676cb3be9377663d39c6c88c3ff30c00211e
Malware Config
Signatures
FluBot
FluBot is an Android banking trojan that uses overlays.

FluBot Payload (2 IoCs)
Processes:
  resource                                                               yara_rule
  /data/user/0/com.xunmeng.pinduoduo/app_apkprotector_dex/XoyN2M3V.king  family_flubot
  /data/user/0/com.xunmeng.pinduoduo/app_apkprotector_dex/XoyN2M3V.king  family_flubot
Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
  ioc                                                                    pid   process
  /data/user/0/com.xunmeng.pinduoduo/app_apkprotector_dex/XoyN2M3V.king  3927  com.xunmeng.pinduoduo
  /data/user/0/com.xunmeng.pinduoduo/app_apkprotector_dex/XoyN2M3V.king  3927  com.xunmeng.pinduoduo
Requests enabling of the accessibility settings (1 IoC)
Processes:
  description    ioc                                      process
  Intent action  android.settings.ACCESSIBILITY_SETTINGS  com.xunmeng.pinduoduo
Reads name of network operator (1 IoC)
Uses Android APIs to discover system information.
Processes:
  description         ioc                                                        process
  Framework API call  android.telephony.TelephonyManager.getNetworkOperatorName  com.xunmeng.pinduoduo
Uses Crypto APIs (might try to encrypt user data) (1 IoC)
Processes:
  description         ioc                          process
  Framework API call  javax.crypto.Cipher.doFinal  com.xunmeng.pinduoduo
Uses reflection (64 IoCs)
Processes:
  description     ioc                                                          pid   process
  Invokes method  android.view.ViewGroup.makeOptionalFitsSystemWindows         3927  com.xunmeng.pinduoduo
  Accesses field  com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE  3927  com.xunmeng.pinduoduo
  Accesses field  javax.security.auth.x500.X500Principal.thisX500Name          3927  com.xunmeng.pinduoduo
  (the X500Principal.thisX500Name field access is repeated verbatim for every remaining IoC in this signature)
Downloads