Analysis

  • max time kernel
    870482s
  • max time network
    1371s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    11-08-2021 06:11

General

  • Target

    Voicemail46.apk

  • Size

    3.3MB

  • MD5

    ea57bba4137e721c766892831851c2a3

  • SHA1

    3d8e9b72c3d8a6951171e9cd30028b4c2e8e699b

  • SHA256

    ac0abe0e36081fad3a4858c0cc91bb33ba6bbc9caf9b2969de826d037b57b58e

  • SHA512

    cb58f06238046716bc0309cef49af7fd1dcb4ceaf259d134a1e456202d1b3e57f8bfd482e79498136f9a5cb1b33feb6ef441d91acf1305414deab684e01a84db

Malware Config

Signatures

  • FluBot

    FluBot is an Android banking trojan that uses overlays.

  • FluBot Payload 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Uses reflection 2 IoCs

Processes

  • com.baidu.BaiduMap
    1⤵
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses reflection
    PID:4734
    • com.baidu.BaiduMap
      2⤵
        PID:4774
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:4774

    Network

    MITRE ATT&CK Matrix

    Downloads