Analysis
-
max time kernel
870482s -
max time network
1371s -
platform
android_x86 -
resource
android-x86-arm -
submitted
11-08-2021 06:11
Static task
static1
Behavioral task
behavioral1
Sample
Voicemail46.apk
Resource
android-x86-arm
0 signatures
0 seconds
General
-
Target
Voicemail46.apk
-
Size
3.3MB
-
MD5
ea57bba4137e721c766892831851c2a3
-
SHA1
3d8e9b72c3d8a6951171e9cd30028b4c2e8e699b
-
SHA256
ac0abe0e36081fad3a4858c0cc91bb33ba6bbc9caf9b2969de826d037b57b58e
-
SHA512
cb58f06238046716bc0309cef49af7fd1dcb4ceaf259d134a1e456202d1b3e57f8bfd482e79498136f9a5cb1b33feb6ef441d91acf1305414deab684e01a84db
Score
10/10
Malware Config
Signatures
-
FluBot
FluBot is an android banking trojan that uses overlays.
-
FluBot Payload 1 IoCs
resource yara_rule behavioral1/files/4734-3.dat family_flubot -
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.baidu.BaiduMap/code_cache/secondary-dexes/base.apk.classes1.zip 4774 /system/bin/dex2oat /data/user/0/com.baidu.BaiduMap/code_cache/secondary-dexes/base.apk.classes1.zip 4734 com.baidu.BaiduMap -
Requests enabling of the accessibility settings. 1 IoCs
description ioc Process Intent action android.settings.ACCESSIBILITY_SETTINGS com.baidu.BaiduMap -
Uses reflection 2 IoCs
description pid Process Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows 4734 com.baidu.BaiduMap Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE 4734 com.baidu.BaiduMap