Analysis

  • max time kernel
    806729s
  • max time network
    117s
  • platform
    android_x64
  • resource
    android-x64
  • submitted
    10-08-2021 12:39

General

  • Target

    e35868c675496d3eea70814e0ecb8b6da27594509a76714fb1e06e5c682fea2c.apk

  • Size

    4.5MB

  • MD5

    1b761f689ff03c0a1a65f43c9c610606

  • SHA1

    8378ccc39df091a80dbb647bc3437e2cfa4626ab

  • SHA256

    e35868c675496d3eea70814e0ecb8b6da27594509a76714fb1e06e5c682fea2c

  • SHA512

    46e276dbcfe9fdc10b9fa0aa7a37ce67d13062ee8d211a6d3bb4987b3afba76f52960f465c7a4486d388059a7f7a7c610a1698dff4f053de33fdd2d8b32068f6

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Reads name of network operator 1 IoCs

    Uses Android APIs to discover system information.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
  • Uses reflection 11 IoCs

Processes

  • com.taobao.taobao
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Reads name of network operator
    • Uses Crypto APIs (Might try to encrypt user data).
    • Uses reflection
    PID:3592

Network

MITRE ATT&CK Matrix

Downloads