Analysis

Max time kernel: 799788s
Platform: android_x86
Resource: android-x86-arm
Submitted: 10-08-2021 10:43

Static task: static1
Behavioral task: behavioral1

Sample: 2597276dc122b167e715dc047cad906d395de17a5b5526d29466d51a46d4d1b3.apk
Resource: android-x86-arm
Signatures: 0
Duration: 0 seconds
General

Target: 2597276dc122b167e715dc047cad906d395de17a5b5526d29466d51a46d4d1b3.apk
Size: 3.9MB
MD5: c78df18ab4431a13924d66bf822fe5d7
SHA1: c0db93635471ad873bdaf71f6845113a0cc3d7f1
SHA256: 2597276dc122b167e715dc047cad906d395de17a5b5526d29466d51a46d4d1b3
SHA512: c24bba3826b19f9347957565e1d202cafde431cf8e35c189a3937529f4ff345c046b00d1b0476df4967d825bef2b6f313d35a89b64b9b08c13a32119c164c3b4
Malware Config

Signatures

FluBot
FluBot is an Android banking trojan that uses overlays.

FluBot Payload (2 IoCs)
  resource                        yara_rule
  behavioral1/files/5012-0.dat    family_flubot
  behavioral1/files/5012-2.dat    family_flubot

Loads dropped Dex/Jar (3 IoCs)
Runs an executable file dropped to the device during analysis.
  ioc                                                                            pid    Process
  /data/user/0/com.weico.international/app_apkprotector_dex/HQJpfGX9.exe         5012   com.weico.international
  /data/user/0/com.weico.international/app_apkprotector_dex/HQJpfGX9.exe         5039   /system/bin/dex2oat
  /data/user/0/com.weico.international/app_apkprotector_dex/HQJpfGX9.exe         5012   com.weico.international

Uses Crypto APIs (might try to encrypt user data) (1 IoC)
  description           ioc                            Process
  Framework API call    javax.crypto.Cipher.doFinal    com.weico.international

Uses reflection (1 IoC)
  description                                                              pid    Process
  Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows      5012   com.weico.international