Analysis
- max time kernel: 892319s
- max time network: 125s
- platform: android_x64
- resource: android-x64
- submitted: 11-08-2021 12:26
Static task: static1
Behavioral task: behavioral1
Sample: 275d4203f724c8649b02cb312be4c20e9b55fa043516574812e24210e8204a95.apk
Resource: android-x64
0 signatures
0 seconds
General
- Target: 275d4203f724c8649b02cb312be4c20e9b55fa043516574812e24210e8204a95.apk
- Size: 3.4MB
- MD5: acf704bdff80d2fcfb5658edb38c4218
- SHA1: eb60467c529a18dc2e6b98cdf8bb30412bb9b632
- SHA256: 275d4203f724c8649b02cb312be4c20e9b55fa043516574812e24210e8204a95
- SHA512: ebe6c2814abd15726b87d1d091dc1a4be6453e826f7785143e6b0fff31e742e0f59298a62e2eef1692c85fd46d5a113b511d7a10ed9159f4a070d826d631dc60
Score: 10/10
Malware Config
Signatures
- FluBot
  FluBot is an Android banking trojan that uses overlays.
- FluBot Payload (1 IoC)
  resource: behavioral1/files/3589-0.dat | yara_rule: family_flubot
- Loads dropped Dex/Jar (2 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.iqiyi.i18n/app_apkprotector_dex/classes-v1.bin | pid: 3589 | Process: com.iqiyi.i18n
  ioc: /data/user/0/com.iqiyi.i18n/app_apkprotector_dex/classes-v1.bin | pid: 3589 | Process: com.iqiyi.i18n
- Requests enabling of the accessibility settings (1 IoC)
  description: Intent action | ioc: android.settings.ACCESSIBILITY_SETTINGS | Process: com.iqiyi.i18n
- Reads name of network operator (1 IoC)
  Uses Android APIs to discover system information.
  description: Framework API call | ioc: android.telephony.TelephonyManager.getNetworkOperatorName | Process: com.iqiyi.i18n
- Uses Crypto APIs (Might try to encrypt user data) (1 IoC)
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | Process: com.iqiyi.i18n