Malware Analysis Report

2025-01-19 05:42

Sample ID 210811-y63v24retn
Target Voicemail46.apk
SHA256 ac0abe0e36081fad3a4858c0cc91bb33ba6bbc9caf9b2969de826d037b57b58e
Tags
flubot banker infostealer obfuscation trojan
score
10/10

Analysis Overview

score
10/10

SHA256

ac0abe0e36081fad3a4858c0cc91bb33ba6bbc9caf9b2969de826d037b57b58e

Threat Level: Known bad

The file Voicemail46.apk was found to be: Known bad.

Malicious Activity Summary

flubot banker infostealer obfuscation trojan

FluBot

FluBot Payload

Requests dangerous framework permissions

Requests enabling of the accessibility settings.

Loads dropped Dex/Jar

Uses reflection

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2021-08-11 06:11

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2021-08-11 06:11

Reported

2021-08-11 06:41

Platform

android-x86-arm

Max time kernel

870482s

Max time network

1371s

Command Line

com.baidu.BaiduMap

Signatures

FluBot

banker trojan infostealer flubot

FluBot Payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.baidu.BaiduMap/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A
N/A | /data/user/0/com.baidu.BaiduMap/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A

Requests enabling of the accessibility settings.

Description | Indicator | Process | Target
Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A

Uses reflection

obfuscation
Description | Indicator | Process | Target
Invokes method | android.view.ViewGroup.makeOptionalFitsSystemWindows | N/A | N/A
Accesses field | com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A

Processes

com.baidu.BaiduMap

com.baidu.BaiduMap

/system/bin/dex2oat

Network

Country | Destination | Domain | Proto
N/A | 8.8.8.8:53 | google.com | udp
N/A | 8.8.4.4:53 | google.com | udp
N/A | 8.8.8.8:53 | google.com | udp
N/A | 8.8.8.8:53 | google.com | udp
N/A | 8.8.4.4:53 | google.com | udp
N/A | 8.8.8.8:53 | google.com | udp
N/A | 8.8.8.8:53 | google.com | udp
N/A | 8.8.8.8:53 | google.com | udp
N/A | 8.8.4.4:53 | google.com | udp

Files

/data/user/0/com.baidu.BaiduMap/code_cache/secondary-dexes/MultiDex.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.baidu.BaiduMap/code_cache/secondary-dexes/tmp-base.apk.classes7103571871653562215.zip

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.baidu.BaiduMap/code_cache/secondary-dexes/base.apk.classes1.zip.x86.flock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.baidu.BaiduMap/code_cache/secondary-dexes/oat/x86/base.apk.classes1.vdex

MD5 e9a0949f41753cd21a398701f64bc1c0
SHA1 dd0f74f960352ff8cb877c8b6fca0bc7c7587488
SHA256 e9cd4418f4641c48f6270564618c3c1847080cab773dff9d96bff43417869c54
SHA512 0d5ff8329b8c9bddb42af13909910ad0440ccc66ce4ff478d01b4c173f76d9c6355a91c6d7937f47634c0da9043e38bf78baf0375c41885e933f182bb8faacd8

/data/user/0/com.baidu.BaiduMap/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex

MD5 9596d6f77f27421c61c772f7e55b4f8b
SHA1 cee63f282947116a4b7b3e9a0d2d845a78410c95
SHA256 62d6ddec1d3dec64eabf215850e0a16738e9ada9845cb279ddce4417bf0ee9dc
SHA512 c5bd891e0276ee04d0fc024d4cd68d3cc50e91fe7cf1993e1d48a2aaa5e11a95d63147dbbbe9333949a21c3195d0f3e6cbbe2fbc1e517ebab33eab105fbdb219

/data/user/0/com.baidu.BaiduMap/shared_prefs/multidex.version.xml

MD5 fc95513a40fadb7c6223663a59f588c4
SHA1 cdb2447901b8dbb51508aef587023e06a8115e89
SHA256 b1fb508bd86ad515a6884675cc682139f41c74b88298091f8b815cfbef174e29
SHA512 e546a3b2bb227782e454aa29ca5d8842cd925a1b66d20695f625ed8594c89d5172684fcc874d8ff1113d4f13ea4875e14aa6b2868a97db164c3919380bb1e3d3

/data/user/0/com.baidu.BaiduMap/code_cache/secondary-dexes/base.apk.classes1.zip

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.baidu.BaiduMap/code_cache/secondary-dexes/base.apk.classes1.zip

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.baidu.BaiduMap/shared_prefs/Voicemail.xml

MD5 5beb9b2c36f91bdae8135c74f157af3b
SHA1 5283ef54aa9d5201f3492978f6a74c5338721ccc
SHA256 e338a9be11130e33cad054ec02234d9207be2f2f38954d63e7f050f485190cf1
SHA512 551969ddee5c6c885e4a2df4cf997ad757082989643703e53417fd9ac6d98a2449f785508a08d74995d775e911345ce1563fcd43f3d021ae590363266ce6492e