Analysis
max time kernel: 806729s
max time network: 117s
platform: android_x64
resource: android-x64
submitted: 10-08-2021 12:39
Static task: static1
Behavioral task: behavioral1
Sample: e35868c675496d3eea70814e0ecb8b6da27594509a76714fb1e06e5c682fea2c.apk
Resource: android-x64
0 signatures
0 seconds
General
Target: e35868c675496d3eea70814e0ecb8b6da27594509a76714fb1e06e5c682fea2c.apk
Size: 4.5MB
MD5: 1b761f689ff03c0a1a65f43c9c610606
SHA1: 8378ccc39df091a80dbb647bc3437e2cfa4626ab
SHA256: e35868c675496d3eea70814e0ecb8b6da27594509a76714fb1e06e5c682fea2c
SHA512: 46e276dbcfe9fdc10b9fa0aa7a37ce67d13062ee8d211a6d3bb4987b3afba76f52960f465c7a4486d388059a7f7a7c610a1698dff4f053de33fdd2d8b32068f6
Malware Config
Signatures
FluBot
FluBot is an Android banking trojan that uses overlays.

FluBot Payload (1 IoCs)
resource | yara_rule
behavioral1/files/3592-0.dat | family_flubot

Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.taobao.taobao/app_apkprotector_dex/classes-v1.bin | 3592 | com.taobao.taobao
/data/user/0/com.taobao.taobao/app_apkprotector_dex/classes-v1.bin | 3592 | com.taobao.taobao

Requests enabling of the accessibility settings. (1 IoCs)
description | ioc | Process
Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.taobao.taobao

Reads name of network operator (1 IoCs)
Uses Android APIs to discover system information.
description | ioc | Process
Framework API call | android.telephony.TelephonyManager.getNetworkOperatorName | com.taobao.taobao

Uses Crypto APIs (Might try to encrypt user data). (1 IoCs)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.taobao.taobao

Uses reflection (11 IoCs)
description | pid | Process
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | 3592 | com.taobao.taobao
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 3592 | com.taobao.taobao
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 3592 | com.taobao.taobao
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 3592 | com.taobao.taobao
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 3592 | com.taobao.taobao
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 3592 | com.taobao.taobao
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 3592 | com.taobao.taobao
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 3592 | com.taobao.taobao
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 3592 | com.taobao.taobao
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 3592 | com.taobao.taobao
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 3592 | com.taobao.taobao