Analysis

  • max time kernel
    799788s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    10-08-2021 10:43

General

  • Target

    2597276dc122b167e715dc047cad906d395de17a5b5526d29466d51a46d4d1b3.apk

  • Size

    3.9MB

  • MD5

    c78df18ab4431a13924d66bf822fe5d7

  • SHA1

    c0db93635471ad873bdaf71f6845113a0cc3d7f1

  • SHA256

    2597276dc122b167e715dc047cad906d395de17a5b5526d29466d51a46d4d1b3

  • SHA512

    c24bba3826b19f9347957565e1d202cafde431cf8e35c189a3937529f4ff345c046b00d1b0476df4967d825bef2b6f313d35a89b64b9b08c13a32119c164c3b4

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 2 IoCs
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
  • Uses reflection 1 IoCs

Processes

  • com.weico.international
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    • Uses reflection
    PID:5012
    • com.weico.international
      2⤵
        PID:5039
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:5039

Network

MITRE ATT&CK Matrix

Downloads