Analysis

  • max time kernel
    892319s
  • max time network
    125s
  • platform
    android_x64
  • resource
    android-x64
  • submitted
    11-08-2021 12:26

General

  • Target

    275d4203f724c8649b02cb312be4c20e9b55fa043516574812e24210e8204a95.apk

  • Size

    3.4MB

  • MD5

    acf704bdff80d2fcfb5658edb38c4218

  • SHA1

    eb60467c529a18dc2e6b98cdf8bb30412bb9b632

  • SHA256

    275d4203f724c8649b02cb312be4c20e9b55fa043516574812e24210e8204a95

  • SHA512

    ebe6c2814abd15726b87d1d091dc1a4be6453e826f7785143e6b0fff31e742e0f59298a62e2eef1692c85fd46d5a113b511d7a10ed9159f4a070d826d631dc60

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Reads name of network operator 1 IoCs

    Uses Android APIs to discover system information.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

Processes

  • com.iqiyi.i18n
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Reads name of network operator
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:3589

Network

MITRE ATT&CK Matrix

Downloads